How to integrate OpenID Connect into a NestJS application

I used this documentation ( https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#accounts ) for implementing OpenID in NestJS. In this documentation he mentions client_id, client secret and redirect URLs. How do I get this information and integrate it?
One option is to create an OIDC strategy for Passport.

It's a lengthy process, and rather than copying/pasting an entire tutorial, I'll add a link and hope it doesn't break.

https://sdoxsee.github.io/blog/2020/02/05/cats-nest-nestjs-mongo-oidc.html

Here's the strategy implementation, but there are several other components that need to be configured.
```typescript
// auth/oidc.strategy.ts
import { UnauthorizedException } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy, Client, UserinfoResponse, TokenSet, Issuer } from 'openid-client';
import { AuthService } from './auth.service';

// Discover the provider's endpoints and signing keys from its well-known
// configuration, then build a client using the credentials registered there.
export const buildOpenIdClient = async () => {
  const TrustIssuer = await Issuer.discover(
    `${process.env.OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER}/.well-known/openid-configuration`,
  );
  const client = new TrustIssuer.Client({
    client_id: process.env.OAUTH2_CLIENT_REGISTRATION_LOGIN_CLIENT_ID,
    client_secret: process.env.OAUTH2_CLIENT_REGISTRATION_LOGIN_CLIENT_SECRET,
  });
  return client;
};

export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') {
  client: Client;

  constructor(private readonly authService: AuthService, client: Client) {
    super({
      client: client,
      params: {
        // Must exactly match a redirect URI registered for this client at the provider.
        redirect_uri: process.env.OAUTH2_CLIENT_REGISTRATION_LOGIN_REDIRECT_URI,
        scope: process.env.OAUTH2_CLIENT_REGISTRATION_LOGIN_SCOPE,
      },
      passReqToCallback: false,
      usePKCE: false, // PKCE is left disabled in this configuration
    });
    this.client = client;
  }

  // Called by Passport once the authorization code has been exchanged for tokens.
  async validate(tokenset: TokenSet): Promise<any> {
    const userinfo: UserinfoResponse = await this.client.userinfo(tokenset);
    try {
      const id_token = tokenset.id_token;
      const access_token = tokenset.access_token;
      const refresh_token = tokenset.refresh_token;
      // This object becomes req.user for the rest of the request.
      const user = {
        id_token,
        access_token,
        refresh_token,
        userinfo,
      };
      return user;
    } catch (err) {
      throw new UnauthorizedException();
    }
  }
}
```
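The strategy above hands the authorization request and the callback handling to openid-client, so those steps never appear in the answer. As an added example (not code from the answer or from the linked tutorial), the following TypeScript builds the same authorization request by hand with Node's `crypto` module, including the PKCE challenge that `usePKCE: false` leaves out and the `state` comparison performed on the callback before the code is exchanged. The authorization endpoint, client_id, redirect URI and scope are constructed placeholders standing in for the environment variables used in the answer.

```typescript
// Added example: the authorization request and callback check behind the 'oidc' strategy.
import { createHash, randomBytes, timingSafeEqual } from 'crypto';

// Constructed values standing in for the OAUTH2_CLIENT_* environment variables in the answer.
const ISSUER_AUTHORIZATION_ENDPOINT = 'https://issuer.example.test/auth';
const CLIENT_ID = 'nest-app';                                   // assumed client_id
const REDIRECT_URI = 'https://app.example.test/auth/callback';  // assumed registered redirect URI
const SCOPE = 'openid profile email';

// Base64url without padding, as RFC 7636 requires for PKCE values.
export function base64url(buf: Buffer): string {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// PKCE S256: the challenge is the base64url-encoded SHA-256 of the ASCII verifier.
export function pkceChallenge(codeVerifier: string): string {
  return base64url(createHash('sha256').update(codeVerifier, 'ascii').digest());
}

export interface AuthRequest {
  url: string;          // where to redirect the browser
  state: string;        // stored in the session, compared on the callback
  nonce: string;        // echoed back inside the ID token
  codeVerifier: string; // sent only on the back-channel token request
}

// Builds the front-channel authorization request. Random values are generated
// unless the caller supplies them (tests pass fixed ones).
export function buildAuthorizationRequest(
  state: string = base64url(randomBytes(32)),
  nonce: string = base64url(randomBytes(32)),
  codeVerifier: string = base64url(randomBytes(32)),
): AuthRequest {
  const url = new URL(ISSUER_AUTHORIZATION_ENDPOINT);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', CLIENT_ID);
  url.searchParams.set('redirect_uri', REDIRECT_URI);
  url.searchParams.set('scope', SCOPE);
  url.searchParams.set('state', state);
  url.searchParams.set('nonce', nonce);
  url.searchParams.set('code_challenge', pkceChallenge(codeVerifier));
  url.searchParams.set('code_challenge_method', 'S256');
  return { url: url.toString(), state, nonce, codeVerifier };
}

// Constant-time comparison of the session's state with the one the provider returned.
export function callbackStateMatches(stored: string, received: string | null): boolean {
  if (received === null || stored.length !== received.length) return false;
  return timingSafeEqual(Buffer.from(stored), Buffer.from(received));
}

// Parses the provider's redirect back to the app; yields the code only when the
// provider reported no error and the state matches the session.
export function extractAuthorizationCode(callbackUrl: string, storedState: string): string {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) {
    throw new Error(`provider returned error: ${params.get('error')}`);
  }
  if (!callbackStateMatches(storedState, params.get('state'))) {
    throw new Error('state mismatch: callback does not belong to this session');
  }
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  return code;
}
```

When `usePKCE` is enabled, openid-client generates the same pair with `generators.codeVerifier()` and `generators.codeChallenge()` and stores the verifier alongside `state` and `nonce` in the session until the callback; the hand-built version only makes visible what the strategy already does for you.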
You get the client ID and secret from the OpenID Connect provider. You add/register the client there.

The redirect URL is the URL of the OpenID Connect client, i.e. the URL the authorization code should be sent to after a successful authentication. This URL is hardcoded in the provider.
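The answer describes the provider side only in prose. As an added example (not code from the answer and not node-oidc-provider's own source), here is a client registration in the shape that node-oidc-provider's `clients` configuration option takes, together with the exact-match check a provider applies to `redirect_uri` at its authorization endpoint. All identifiers and URLs are constructed placeholders, and the secret is a placeholder for the value generated when the client is registered.

```typescript
// Added example: provider-side client registration and the redirect_uri check.

// Shape of one entry in node-oidc-provider's `clients` option (documented in its README).
interface RegisteredClient {
  client_id: string;
  client_secret: string;
  redirect_uris: string[];
  grant_types: string[];
  response_types: string[];
}

// The NestJS client's OAUTH2_CLIENT_REGISTRATION_LOGIN_* variables must agree with this entry.
export const clients: RegisteredClient[] = [
  {
    client_id: 'nest-app',                                   // constructed
    client_secret: 'REPLACE_WITH_GENERATED_SECRET',          // placeholder, never commit a real one
    redirect_uris: ['https://app.example.test/auth/callback'], // constructed
    grant_types: ['authorization_code'],
    response_types: ['code'],
  },
];

export function findClient(clientId: string): RegisteredClient | undefined {
  return clients.find((c) => c.client_id === clientId);
}

// OpenID Connect Core 3.1.2.1 requires the redirect_uri in the request to exactly
// match a pre-registered value: no prefix matching, no extra path, no fragment.
export function redirectUriAllowed(clientId: string, redirectUri: string): boolean {
  const client = findClient(clientId);
  if (!client) return false;
  let parsed: URL;
  try {
    parsed = new URL(redirectUri);
  } catch (e) {
    return false; // not a valid absolute URI
  }
  if (parsed.hash !== '') return false; // fragments are not permitted in redirect URIs
  return client.redirect_uris.includes(redirectUri);
}

// Decision a provider makes before showing a login page: identifies which
// registration mismatch caused a rejection so the operator can fix the client entry.
export function authorizeRequestDecision(
  clientId: string,
  redirectUri: string,
  responseType: string,
): 'ok' | 'unknown_client' | 'unregistered_redirect_uri' | 'unsupported_response_type' {
  const client = findClient(clientId);
  if (!client) return 'unknown_client';
  // The redirect_uri is checked before anything else: a provider must not send
  // an error (or a code) to a URL that was never registered for the client.
  if (!redirectUriAllowed(clientId, redirectUri)) return 'unregistered_redirect_uri';
  if (!client.response_types.includes(responseType)) return 'unsupported_response_type';
  return 'ok';
}
```

In node-oidc-provider this array is passed as the `clients` option when constructing the provider; the check above is the same exact-match rule the provider enforces, shown here so the relationship between the registered values and the NestJS client's environment variables is concrete.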