环回是否支持代理身份验证?
[英]Does Loopback supports proxied authentication?
问题描述
I am creating an API in NodeJS using IBM's Loopback (3.x) framework. 
我正在使用IBM的Loopback(3.x)框架在NodeJS中创建API。 Loopback seems to handle classic authentication methods (vs database). 回送似乎可以处理经典的身份验证方法(相对于数据库)。 In my case, we are using a proxied authentication header (from a 3rd party software) with the username and other data from the verified user. 就我而言,我们使用代理身份验证标头(来自第三方软件)以及用户名和来自已验证用户的其他数据。
Is it possible to configure Loopback to "trust" requests that contain a specific header with the user information? 是否可以将“回送”配置为包含特定标头以及用户信息的“信任”请求?
1 个解决方案
解决方案1
0
You can configure loopback to "trust" anything it wants with dynamic roles . 您可以将环回配置为通过动态角色 “信任”它想要的任何东西。
Role.registerResolver('somebodyitrust', function(role, context, cb) {
const iTrustYou = true;
return cb(null, iTrustYou);
});
But you're going to have to verify that the information is correct, and so you're probably going to have to use a database and access tokens, and so you're back to square one. 但是您将必须验证信息的正确性,因此您可能将不得不使用数据库并访问令牌,因此您将回到正题。 Unless you're using openauth . 除非您使用openauth 。
If you do go ahead trying to authorize by fields in the header you'll need to get the request context, which means you'll have to configure loopback-context . 如果确实要尝试通过标头中的字段进行授权,则需要获取请求上下文,这意味着您必须配置loopback-context 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.