Heroku "returnTo" querystring parameter error on logout using Auth0

I am using Heroku and have deployed mostly successfully. The logout has me really stumped. According to docs I should be passing a url like,

https://xxxxauth0tennantxxxx/v2/logout or https://YOUR_DOMAIN/v2/logout?returnTo=http%3A%2F%2Fwww.example.com

When I do, I get OK back. But I am using the below code from the Auth0 docs which builds the url including the port number.

router.get('/logout', (req, res) => {
  req.logOut();
  let returnTo = req.protocol + '://' + req.hostname;
  const port = req.connection.localPort;
  if (port !== undefined && port !== 80 && port !== 443) {
    returnTo += ':' + port;
  }
  const logoutURL = new url.URL(
    util.format('https://%s/v2/logout', process.env.AUTH0_DOMAIN),
  );
  const searchString = querystring.stringify({
    client_id: process.env.AUTH0_CLIENT_ID,
    returnTo: returnTo,
  });
  logoutURL.search = searchString;
  res.redirect(logoutURL);
});

Heroku automatically assigns a port, however, so every time I try to log out I am met with the error: The "returnTo" querystring parameter "http://xxxxx.herokuapp.com:12345" is not defined as a valid URL in "Allowed Logout URLs".

I have tried to add every allowed logout URL variant I can try, but with no luck: http://localhost:8000,http://*.herokuapp.com,https://*.auth0.com/v2/logout,https://*.auth0.com/,https://xxxxxxx.auth0.com I even tried setting app.set('trust proxy', 1); as some docs suggest for Heroku.

Please, how can I account for the dynamic port Heroku assigns in my logout url?

Edit: I have tried this variant of the endpoint too

And I have tried to edit the endpoint call as

    router.get('/logout', (req, res) => {
      let returnTo = req.protocol + '://' + req.hostname;
      const port = req.connection.localPort;
      if (port !== undefined && port !== 80 && port !== 443) {
        returnTo = process.env.NODE_ENV === 'production' ? `${returnTo}/` : `${returnTo}:${port}/`;
      }
      req.logout();
      if (req.session) {
        req.session.destroy(function(err) {
          if (err) {
            console.log(err);
          }
          console.log('Destroyed the user session on Auth0 endpoint');
          res.redirect(req.protocol + '://' + process.env.AUTH0_DOMAIN + '/v2/logout?client_id=' + process.env.AUTH0_CLIENT_ID + '&returnTo=' + returnTo +' ');
        });
      }
    });

As the error message indicates, you need to add the http://xxxxx.herokuapp.com:12345 to the Allowed Logout URLs in your application settings. Replace XXXXX with heroku app name and include the port number as well.

Finally, I just removed the port when building the url and voila, logged out and redirected to home page.

router.get('/logout', (req, res) => {
  let returnTo = req.protocol + '://' + req.hostname;
  const port = req.connection.localPort;
  if (port !== undefined && port !== 80 && port !== 443) {
    returnTo = process.env.NODE_ENV === 'production' ? `${returnTo}/` : `${returnTo}`;
  }
  req.logout();

  if (req.session) {
    req.session.destroy(function(err) {
      if (err) {
        console.log(err);
      }
      console.log('Destroyed the user session on Auth0 endpoint');

      const logoutURL = new url.URL(
        util.format('https://%s/v2/logout', process.env.AUTH0_DOMAIN),
      );
      const searchString = querystring.stringify({
        client_id: process.env.AUTH0_CLIENT_ID,
        returnTo: returnTo,
      });
      logoutURL.search = searchString;

      res.redirect(logoutURL);
    });
  }
});

What a difference some rest makes for tired eyes. There is so much (excellent) documentation; it's just very confusing and overwhelming, but I think I got it now. Now to check all is secure and safe to use.
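
An added example (not part of the original posts, and not Auth0 or Heroku code) showing why the port-appending logic in the question yields a returnTo that can never match, and one way to build the logout URL from the public origin and check it against a local copy of the allowed logout URLs before redirecting. The tenant domain, client id, allowlist contents and the helper names `docsReturnTo`, `publicOrigin` and `buildLogoutUrl` are assumptions made for illustration.

```javascript
// Added example. Host names, client id and the allowlist are constructed.

// The returnTo logic from the question: appends the socket's local port.
function docsReturnTo(req) {
  let returnTo = req.protocol + '://' + req.hostname;
  const port = req.connection.localPort;
  if (port !== undefined && port !== 80 && port !== 443) {
    returnTo += ':' + port;
  }
  return returnTo;
}

// Public origin as the browser sees it. Mirrors what Express reports for
// req.protocol once 'trust proxy' is enabled: the first X-Forwarded-Proto value.
function publicOrigin(req, trustProxy) {
  const forwarded = trustProxy ? req.headers['x-forwarded-proto'] : undefined;
  const proto = (forwarded || req.protocol).split(',')[0].trim();
  return `${proto}://${req.hostname}`;
}

// Fail fast locally instead of at the Auth0 error page. Simplification: this
// compares origins only; the tenant setting can also hold paths and wildcards.
function buildLogoutUrl({ auth0Domain, clientId, returnTo, allowed }) {
  const origin = new URL(returnTo).origin;
  if (!allowed.map((u) => new URL(u).origin).includes(origin)) {
    throw new Error(`returnTo origin not in allowlist: ${origin}`);
  }
  const logoutURL = new URL(`https://${auth0Domain}/v2/logout`);
  logoutURL.search = new URLSearchParams({ client_id: clientId, returnTo: origin }).toString();
  return logoutURL.toString();
}

// Constructed request, shaped like what a dyno sees behind the Heroku router.
const herokuReq = {
  protocol: 'http',
  hostname: 'xxxxx.herokuapp.com',
  headers: { 'x-forwarded-proto': 'https' },
  connection: { localPort: 12345 }, // the dyno's internal $PORT, not the public port
};
const config = {
  auth0Domain: 'tenant.example.com', // constructed placeholder tenant
  clientId: 'abc123',                // constructed placeholder client id
  allowed: ['https://xxxxx.herokuapp.com', 'http://localhost:8000'],
};

console.log(docsReturnTo(herokuReq)); // the value Auth0 rejected in the question
console.log(buildLogoutUrl({ ...config, returnTo: publicOrigin(herokuReq, true) }));
```

Keeping the local allowlist in sync with the tenant's "Allowed Logout URLs" means a returnTo derived from an unexpected Host header is rejected by the app itself rather than only by Auth0.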
