[英]passport-google-auth + aws cognito + nodejs
I am using passport-google-auth to authenticate Google users. It returns an access_token, which I use to get AWS Cognito credentials, but Cognito throws an error: 我正在使用passport-google-auth对Google用户进行身份验证,它返回一个access_token,我用它来获取AWS Cognito凭据,但Cognito抛出错误:
NotAuthorizedException: Invalid login token. NotAuthorizedException:无效的登录令牌。 Not a valid OpenId Connect identity token. 不是有效的OpenId Connect身份令牌。
my code snippet: 我的代码段:
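// Register the Google strategy with passport. Both googleDeveloperDetails
// (client settings) and getUserDetails (verify callback) must already be
// defined when this line runs.
passport.use(new GoogleStrategy(googleDeveloperDetails, getUserDetails));

// Entry point of the login flow: hands the browser over to Google and asks
// for the "email" scope only.
app.get("/auth/google", passport.authenticate("google", { scope: ['email'] }));

// NOTE(review): a failed or denied login is redirected to /auth/google, which
// starts the flow again. That looks like it can loop; a dedicated failure
// page would be safer. Confirm the intended behaviour.
var authGoogle = passport.authenticate("google", {
  failureRedirect: "/auth/google"
});

// The route path needs its leading "/". Without it the route never matches
// the /auth/google/callback path that callbackURL sends Google back to, so
// the verify callback is never reached.
app.get("/auth/google/callback", authGoogle, controller.successRedirect);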
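/**
 * Passport verify callback as posted in the question.
 *
 * Declared as a function (not assigned to an undeclared global) so that it is
 * hoisted and also works in strict mode / ES modules.
 *
 * This version stores the OAuth access token on the profile. Cognito rejects
 * that value with "Invalid login token. Not a valid OpenId Connect identity
 * token", because it expects the OpenID Connect ID token that Google returns
 * in params.id_token.
 *
 * @param {string} accessToken - OAuth access token returned by Google.
 * @param {string} refreshToken - OAuth refresh token (unused here).
 * @param {Object} params - Raw token response (unused here).
 * @param {Object} profile - User profile built by the strategy; mutated.
 * @param {Function} done - Passport completion callback (err, user).
 */
function getUserDetails(accessToken, refreshToken, params, profile, done) {
  // The access token is a bearer credential: anything that serialises
  // `profile` (for example a session store) will also persist it.
  profile.token = accessToken;
  done(null, profile);
}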
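// Settings handed to GoogleStrategy. Declared with `var` instead of being
// assigned to an undeclared global, which throws in strict mode / ES modules.
// The two credential strings are placeholders: load the real client ID and
// client secret from the environment or a secret store, and keep the client
// secret out of source control.
var googleDeveloperDetails = {
  clientID: "google cleint ID",
  clientSecret: "google client secret",
  // Has to match both the redirect URI registered for the Google client and
  // the path of the callback route.
  callbackURL: "https://localhost:3000/auth/google/callback",
  // NOTE(review): confirm that this strategy honours profileFields.
  profileFields: ["emails", "profile"]
};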
Solved 解决了
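Solved by using params.id_token, which is received from Google. 通过使用从Google收到的params.id_token解决。 The Google passport strategy returns accessToken, refreshToken and params.id_token. Cognito expects the OpenID Connect ID token (params.id_token), not the OAuth access token, which is why the access token was rejected as "Not a valid OpenId Connect identity token". I found the solution after searching and reading about OpenID Connect providers. Google的passport策略会返回accessToken、refreshToken和params.id_token;Cognito需要的是OpenID Connect身份令牌(params.id_token),而不是OAuth访问令牌。在搜索并阅读有关OpenID Connect提供程序的资料后,我得到了解决方案。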
Here's the solution: 解决方法如下:
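// Register the Google strategy with passport. Both googleDeveloperDetails
// (client settings) and getUserDetails (verify callback) must already be
// defined when this line runs.
passport.use(new GoogleStrategy(googleDeveloperDetails, getUserDetails));

// Entry point of the login flow: hands the browser over to Google and asks
// for the "email" scope only.
app.get("/auth/google", passport.authenticate("google", { scope: ['email'] }));

// NOTE(review): a failed or denied login is redirected to /auth/google, which
// starts the flow again. That looks like it can loop; a dedicated failure
// page would be safer. Confirm the intended behaviour.
var authGoogle = passport.authenticate("google", {
  failureRedirect: "/auth/google"
});

// The route path needs its leading "/". Without it the route never matches
// the /auth/google/callback path that callbackURL sends Google back to, so
// the verify callback is never reached.
app.get("/auth/google/callback", authGoogle, controller.successRedirect);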
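/**
 * Passport verify callback that keeps the token needed to obtain Cognito
 * credentials on the profile.
 *
 * For Google logins this is the OpenID Connect ID token (params.id_token).
 * The OAuth access token is not accepted by Cognito as a login token. For
 * any other provider the access token is kept, as before.
 *
 * Declared as a function (not assigned to an undeclared global) so that it is
 * hoisted and also works in strict mode / ES modules.
 *
 * @param {string} accessToken - OAuth access token returned by the provider.
 * @param {string} refreshToken - OAuth refresh token (unused here).
 * @param {Object} params - Raw token response; carries id_token for Google.
 * @param {Object} profile - User profile built by the strategy; mutated.
 * @param {Function} done - Passport completion callback (err, user).
 */
function getUserDetails(accessToken, refreshToken, params, profile, done) {
  if (profile.provider === "google") {
    var idToken = params && params.id_token;
    if (!idToken) {
      // Fail the login instead of continuing with an undefined token that
      // Cognito would only reject later.
      return done(new Error("Google did not return an id_token"));
    }
    // params.id_token to be used to get cognito credentials
    profile.token = idToken;
  } else {
    profile.token = accessToken;
  }
  // The stored token is a bearer credential with a limited lifetime. Anything
  // that serialises `profile` (for example a session store) persists it too,
  // so protect that store and expect to re-authenticate once the token
  // expires.
  done(null, profile);
}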
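// Settings handed to GoogleStrategy. Declared with `var` instead of being
// assigned to an undeclared global, which throws in strict mode / ES modules.
// The two credential strings are placeholders: load the real client ID and
// client secret from the environment or a secret store, and keep the client
// secret out of source control.
var googleDeveloperDetails = {
  clientID: "google cleint ID",
  clientSecret: "google client secret",
  // Has to match both the redirect URI registered for the Google client and
  // the path of the callback route.
  callbackURL: "https://localhost:3000/auth/google/callback",
  // NOTE(review): confirm that this strategy honours profileFields.
  profileFields: ["emails", "profile"]
};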