[英]Heroku "returnTo" querystring parameter error on logout using Auth0
I am using Heroku and have deployed mostly successfully.我正在使用 Heroku 并且已基本成功部署。 The logout has me really stumped.注销让我真的很难过。 According to docs I should be passing a url like,根据文档,我应该传递一个网址,例如,
https://xxxxauth0tennantxxxx/v2/logout
or https://YOUR_DOMAIN/v2/logout?returnTo=http%3A%2F%2Fwww.example.com
https://xxxxauth0tennantxxxx/v2/logout
或https://YOUR_DOMAIN/v2/logout?returnTo=http%3A%2F%2Fwww.example.com
When I do, I get OK back.当我这样做时,我会好起来的。 But I am using the below code from the Auth0 docs which builds the url including the port number.但我正在使用 Auth0 文档中的以下代码,该代码构建了包含端口号的 url。
router.get('/logout', (req, res) => {
req.logOut();
let returnTo = req.protocol + '://' + req.hostname;
const port = req.connection.localPort;
if (port !== undefined && port !== 80 && port !== 443) {
returnTo += ':' + port;
}
const logoutURL = new url.URL(
util.format('https://%s/v2/logout', process.env.AUTH0_DOMAIN),
);
const searchString = querystring.stringify({
client_id: process.env.AUTH0_CLIENT_ID,
returnTo: returnTo,
});
logoutURL.search = searchString;
res.redirect(logoutURL);
});
Heroku automatically assigns a port however so therefore everytime I try to logout I am met with an error of The "returnTo" querystring parameter "http://xxxxx.herokuapp.com:12345" is not defined as a valid URL in "Allowed Logout URLs".
Heroku 会自动分配一个端口,因此每次我尝试注销时都会遇到The "returnTo" querystring parameter "http://xxxxx.herokuapp.com:12345" is not defined as a valid URL in "Allowed Logout URLs".
的错误The "returnTo" querystring parameter "http://xxxxx.herokuapp.com:12345" is not defined as a valid URL in "Allowed Logout URLs".
I have tried to add every variant allowed logout url I can try but with no luck http://localhost:8000,http://*.herokuapp.com,https://*.auth0.com/v2/logout,https://*.auth0.com/,https://xxxxxxx.auth0.com
I even tried setting app.set('trust proxy', 1);
我试图添加每个允许的变体注销 url 我可以尝试但没有运气http://localhost:8000,http://*.herokuapp.com,https://*.auth0.com/v2/logout,https://*.auth0.com/,https://xxxxxxx.auth0.com
我什至尝试设置app.set('trust proxy', 1);
as some docs suggest for Heroku.正如一些文档为 Heroku 所建议的那样。
Please, how can I account for the dynamic port heroku assigns in my logout url?请问,我如何在我的注销 url 中说明 heroku 分配的动态端口?
Edit: I have tried this variant of the endpoint too编辑:我也尝试过这个端点的变体
And I have tried to edit the endpoint call as我尝试将端点调用编辑为
router.get('/logout', (req, res) => {
let returnTo = req.protocol + '://' + req.hostname;
const port = req.connection.localPort;
if (port !== undefined && port !== 80 && port !== 443) {
returnTo = process.env.NODE_ENV === 'production' ? `${returnTo}/` : `${returnTo}:${port}/`;
}
req.logout();
if (req.session) {
req.session.destroy(function(err) {
if (err) {
console.log(err);
}
console.log('Destroyed the user session on Auth0 endpoint');
res.redirect(req.protocol + '://' + process.env.AUTH0_DOMAIN + '/v2/logout?client_id=' + process.env.AUTH0_CLIENT_ID + '&returnTo=' + returnTo +' ');
});
}
});
As the error message indicates, you need to add the http://xxxxx.herokuapp.com:12345
to the Allowed Logout URLs in your application settings.如错误消息所示,您需要将http://xxxxx.herokuapp.com:12345
添加到应用程序设置中的 Allowed Logout URLs。 Replace XXXXX with heroku app name and include the port number as well.将 XXXXX 替换为 heroku 应用程序名称并包括端口号。
Finally, I just removed the port when building the url and voila, logged out and redirected to home page.最后,我只是在构建 url 时删除了端口,瞧,注销并重定向到主页。
router.get('/logout', (req, res) => {
let returnTo = req.protocol + '://' + req.hostname;
const port = req.connection.localPort;
if (port !== undefined && port !== 80 && port !== 443) {
returnTo = process.env.NODE_ENV === 'production' ? `${returnTo}/` : `${returnTo}`;
}
req.logout();
if (req.session) {
req.session.destroy(function(err) {
if (err) {
console.log(err);
}
console.log('Destroyed the user session on Auth0 endpoint');
const logoutURL = new url.URL(
util.format('https://%s/v2/logout', process.env.AUTH0_DOMAIN),
);
const searchString = querystring.stringify({
client_id: process.env.AUTH0_CLIENT_ID,
returnTo: returnTo,
});
logoutURL.search = searchString;
res.redirect(logoutURL);
});
}
});
What a difference some rest does for tired eyes, there is so much (excellent) documentation, it's just very confusing and overwhelming but I think I got it now.休息对疲惫的眼睛有什么不同,有这么多(优秀的)文档,这只是非常令人困惑和不知所措,但我想我现在明白了。 Now to check all is secure and safe to use.现在检查所有内容是否安全且可以安全使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.