堆栈内存溢出
  简体   繁体   English

如何使用 express JS 在 React JS 中实现 Open ID 连接

[英]How to implement Open ID connect in React JS with express JS

 原文  2022-04-13 02:00:01       javascript/ node.js/ reactjs/ express/ openid-connect

问题描述

I have implemented the OIDC in the backend express app using express-openid-connect with the provider as ADFS and on successful authentication the express app saves the info into session and the backend APIs are protected.我已经使用express-openid-connect与作为 ADFS 的提供商在后端 express 应用程序中实现了 OIDC,并且在成功验证后,express 应用程序将信息保存到 session 中,后端 API 受到保护。 What mechanism/library I can use to protect my react app using OIDC and can also hit the protected APIs at the same time?我可以使用什么机制/库来保护我的使用 OIDC 的 React 应用程序,并且还可以同时访问受保护的 API? React and Node are on different domain basically they are independent and deployed on different server. React 和 Node 在不同的领域,基本上它们是独立的,部署在不同的服务器上。

1 个解决方案

解决方案1
 1 已采纳  2022-04-13 18:17:50

WEBSITE MODEL网站 MODEL

The express library is for scenarios where you are using a Node.js website that serves your React app's static content. express 库适用于您使用 Node.js 网站为 React 应用程序的 static 内容提供服务的场景。 Requests for your index.html file will trigger a redirect if there is no secure cookie yet.如果还没有安全 cookie,对 index.html 文件的请求将触发重定向。

After user sign in, an HTTP only encrypted cookie is written, and you can then call APIs via other routes in the website, as explained in this section of the docs .用户登录后,将写入一个 HTTP 只有加密的 cookie,然后您可以通过网站中的其他路由调用 API,如文档的本节所述 The web back end decrypts the cookie, then makes an access token available that can be forwarded from the website to APIs. web 后端解密 cookie,然后提供可从网站转发到 API 的访问令牌。

SPA STATIC CONTENT HOST SPA STATIC 内容托管

If you want to serve the SPA as just static content, similar to development web servers like webpack, the express solution is not the right architectural choice and you need a different option.如果您只想将 SPA 用作 static 内容,类似于开发 web 服务器,如 webpack,则快速解决方案不是正确的架构选择,您需要不同的选择。 You can't just throw these things together.你不能把这些东西放在一起。

However, current security best practices mean you should only use secure cookies in the browser, so you need to solve this problem, and it is far from easy.但是,当前的安全最佳实践意味着您只能在浏览器中使用安全的 cookies,因此您需要解决这个问题,而这绝非易事。 The simplest option in the short term may be to serve static content via express.短期内最简单的选择可能是通过快递服务 static 内容。

FURTHER INFO更多信息

We have plenty of info on SPA architectures at Curity, starting with SPA Best Practices and a React Code Example , but it is very architectural, and SPA security is a tough topic.我们在 Curity 有很多关于 SPA 架构的信息,从SPA Best PracticesReact Code Example开始,但它非常具有架构性,而且 SPA 安全是一个棘手的话题。 So you need to discuss requirements with your stakeholders, based on costs and benefits.因此,您需要根据成本和收益与利益相关者讨论需求。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使 React JS 和 Socket IO 通过 Express JS 服务器连接在一起? - How can i make React JS and Socket IO connect together via Express JS server? 如何正确实现 Express + Node JS + Browserify? - How to implement Express + Node JS + Browserify properly? 如何在 node js 上实现 csurf 和 react js? - how to implement csurf on node js and react js? 如何将Express JS应用程序连接到github API - How to connect an express JS app to github API 如何通过节点js将React Js连接到mysql? - How to connect React Js to mysql with node js? 如何在express.js中打开多个URL? - How to open multiple urls in express.js? Azure:连接/代理前端(React)到后端(Express/node.js) - Azure: Connect/Proxy Frontend (React) to Backend (Express/node.js) React Express js 身份验证 - React Express js auth 在React js中实现搜索 - Implement Search in React js 如何将 react,next.js + express js app 部署到.netlify? - How to deploy react, next js + express js app to netlify?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM