Passport.js Azure AD 身份验证总是第二次失败
[英]Passport.js Azure AD auth always fails the second time
问题描述
So i'm using Passport.js in Express to authenticate users in an app with the passport-azure-oauth2 strategy.
因此,我在 Express 中使用 Passport.js 使用passport-azure-oauth2策略对应用程序中的用户进行身份验证。
The first login works fine, the Microsoft portal takes me back to /cb which is第一次登录工作正常,Microsoft 门户将我带回 /cb,即
app.get("/cb", auth.passport.authenticate("provider", {
successRedirect: "/",
failureRedirect: "/login"
}), function (req, res) {
res.redirect("/");
});
And it successfully redirects me to '/'.它成功地将我重定向到'/'。 At this point I can log out 'Logged in' via this此时我可以通过此注销“登录”
if(req.isAuthenticated()) {
console.log('Logged in');
} else {
console.log('Not logged in');
}
The issue comes when I either log out and try and log back in again, or try and log in with a different browser.当我退出并尝试重新登录,或者尝试使用其他浏览器登录时,就会出现问题。 The Microsoft portal always takes me back to '/login', leaving me in a loop. Microsoft 门户总是让我回到“/login”,让我陷入循环。
The login script is simply:登录脚本很简单:
app.get('/logout', function(req, res) {
req.logout();
res.redirect('/');
});
On Chrome, when I log in (even successfully) it logs an error: Set-Cookie header is ignored in response from url: https://login.microsoftonline.com/common/login. Cookie length should be less than or equal to 4096 characters.在 Chrome 上,当我登录(甚至成功)时,它会记录一个错误: Set-Cookie header is ignored in response from url: https://login.microsoftonline.com/common/login. Cookie length should be less than or equal to 4096 characters. Set-Cookie header is ignored in response from url: https://login.microsoftonline.com/common/login. Cookie length should be less than or equal to 4096 characters.
I'm guessing the issue might be something to do with this?我猜这个问题可能与此有关? But i've tried everything I can think of to no avail.但是我已经尝试了我能想到的一切都无济于事。
1 个解决方案
解决方案1
0 2022-07-20 13:52:28
it's been a while since you have asked this, but maybe it could be helpful for someone else.你问这个已经有一段时间了,但也许它对其他人有帮助。
After a day of debugging i found out that the service worker of my react app was messing with the passport authentication strategy.经过一天的调试,我发现我的 react 应用程序的服务人员正在搞乱护照身份验证策略。
As you have described, when you load the page for the first time the service worker is not registered yet, but when you get redirected to the homepage the script in the index.jsx enable the worker in the browser (i used it to display the install app button on chrome), so if you logout and try to login again this issue comes along.正如您所描述的,当您第一次加载页面时,服务工作人员尚未注册,但是当您被重定向到主页时,index.jsx 中的脚本在浏览器中启用工作人员(我用它来显示在 chrome 上安装应用程序按钮),因此如果您注销并尝试再次登录,则会出现此问题。
If you are in a rush i suggest you to temporary disable the worker if it's not very important for the right functioning of your app and you'll see that everything works fine.如果您赶时间,我建议您暂时禁用工作程序,如果它对您的应用程序的正常运行不是很重要,您会发现一切正常。
It works on localhost because the script detects your environment and it does not start.它在 localhost 上工作,因为脚本检测到您的环境并且它没有启动。
Unfortunately i have not found a permanent solution yet.不幸的是,我还没有找到永久的解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.