AppID userProfileManager.getUserInfo() 给出 UnauthorizedException 错误
[英]AppID userProfileManager.getUserInfo() gives a UnauthorizedException error
问题描述
I am playing around with the Appid implementation using the NodeJs SDK and I am currently trying to fetch ApplicationIdentityToken via the TokenManager .
我正在使用 NodeJs SDK 玩 Appid 实现,我目前正在尝试通过TokenManager获取ApplicationIdentityToken 。 And below is my code snippet.下面是我的代码片段。
The tokenManager.getApplicationIdentityToken() gives you a valid token, but the problem I am facing is that whenever I pass this token to the userProfileManager.getUserInfo(token) it gives me a UnauthorizedException . tokenManager.getApplicationIdentityToken()为您提供了一个有效的令牌,但我面临的问题是,每当我将此令牌传递给userProfileManager.getUserInfo(token)时,它都会给我一个UnauthorizedException 。
I have stripped down the entire code and created a small function just to test the fetching of token and verifying it with the userProfileManager.getUserInfo function.我已经剥离了整个代码并创建了一个小的 function 只是为了测试令牌的获取并使用userProfileManager.getUserInfo function 对其进行验证。
Note: Please ignore the antipattern it is just for providing the code snippet.注意:请忽略仅用于提供代码片段的反模式。
const userProfileManager = require('ibmcloud-appid').UserProfileManager;
userProfileManager.init({
oauthServerUrl: process.env.APPID_URL,
profilesUrl: process.env.APPID_PROFILES_URL,
});
const config = {
tenantId: process.env.TENANT_ID,
clientId: process.env.CLIENT_ID,
secret: process.env.CLIENT_SECRET,
oauthServerUrl: process.env.APPID_URL,
profilesUrl: process.env.APPID_PROFILES_URL,
};
let token = '';
const { TokenManager } = require('ibmcloud-appid');
const tokenManager = new TokenManager(config);
const getAppIdentityToken = async () => {
tokenManager
.getApplicationIdentityToken()
.then((appIdAuthContext) => {
console.log(` Access tokens from SDK : ${JSON.stringify(appIdAuthContext)}`);
token = appIdAuthContext.accessToken;
})
.then(async () => {
const data = await userProfileManager.getUserInfo(token);
console.log(data);
})
.catch((err) => {
console.error(err);
});
};
exports.getAppIdentityToken = getAppIdentityToken;
2 个解决方案
解决方案1
0 2020-06-30 07:27:10
I believe there is some confusion.我相信有些混乱。
AppID is an IBM Cloud service and you can manage the service as a user of IBM Cloud.
AppID 是一项 IBM Cloud 服务,您可以作为 IBM Cloud 用户管理该服务。 This requires that you are logged in or have an API key or access token.这需要您登录或拥有 API 密钥或访问令牌。Then, AppID is able to manage users and access.
然后,AppID 能够管理用户和访问。 For that, there are self-service actions as well as access token for working with an app or other resources.为此,有自助操作以及用于使用应用程序或其他资源的访问令牌。
It seems to me that you generated a token for 2), but performing the user profile access which requires an IAM token .在我看来,您为 2) 生成了一个令牌,但执行 需要 IAM 令牌的用户配置文件访问。
解决方案2
0 2020-07-01 16:21:34
TokenManager is used for Custom Identity or Application Identity flows. TokenManager 用于自定义身份或应用程序身份流。 Application Identity flows are for app-to-app communication (ie client_credentials grant type).应用程序身份流用于应用程序之间的通信(即 client_credentials 授权类型)。 Getting the user info is user-to-app communication (eg authorization_code grant type) so you need a user's access token.获取用户信息是用户到应用程序的通信(例如授权代码授权类型),因此您需要用户的访问令牌。 You can get that token from the session, provided that the user is logged in:您可以从 session 获取该令牌,前提是用户已登录:
accessToken = req.session[WebAppStrategy.AUTH_CONTEXT].accessToken;
See the SDK's README for more details: https://github.com/ibm-cloud-security/appid-serversdk-nodejs#manage-user-profile有关更多详细信息,请参阅 SDK 的 README: https://github.com/ibm-cloud-security/appid-serversdk-nodejs#manage-user-profile
What is your use case?你的用例是什么? You may not need to make this additional request using UserProfileManager.您可能不需要使用 UserProfileManager 发出此附加请求。 You can find the user info in the identity token, and can add additional information to the token using custom claims mappinghttps://cloud.ibm.com/docs/appid?topic=appid-customizing-tokens您可以在身份令牌中找到用户信息,并且可以使用自定义声明映射https://cloud.ibm.com/docs/appid?topic=appid-customizing-tokens向令牌添加其他信息
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.