堆栈内存溢出
  繁体   English   中英

如何在节点 OIDC 提供者中获取授权码

[英]How to get the Authorization code in the node OIDC provider

 原文  2021-05-08 10:33:51       node.js/ openid-connect/ oidc-provider/ node-oidc-provider

问题描述

我在 Node JS 中实现了 node-OIDC-Provider 我得到了 Id-token 但我需要授权码。 所以,当我点击这个 Api( http://localhost:3000/auth?client_id=oidcCLIENT&response_type=code&scope=openid&redirect_uri=http://localhost:3000 )它抛出一个错误(' Z80791B3AE7002CB88C246876D9FAA8FZ87000/? =invalid_request&error_description=授权%20Server%20policy%20requires%20PKCE%20to%20be%20used%20for%20this%20request ')。 如何修复此错误并获取授权码

示例.js

const { Provider } = require('oidc-provider');
var express = require('express')
var app = express()

const oidc = new Provider('http://localhost:3000', {
    clients: [
      {
        client_id: 'oidcCLIENT',
        client_secret: '...',
        grant_types: ['refresh_token', 'authorization_code'],
        redirect_uris: ['http://localhost:3000'],
      }
    ],
    interactions: {
      url(ctx, interaction) { // eslint-disable-line no-unused-vars
        return `/interaction/${interaction.uid}`;
      },
    },
    cookies: {
      keys: ['some secret key', 'and also the old rotated away some time ago', 'and one more'],
    },
    claims: {
      address: ['address'],
      email: ['email', 'email_verified'],
      phone: ['phone_number', 'phone_number_verified'],
      profile: ['birthdate', 'family_name', 'gender', 'given_name', 'locale', 'middle_name', 'name',
        'nickname', 'picture', 'preferred_username', 'profile', 'updated_at', 'website', 'zoneinfo'],
    },
    features: {
      devInteractions: { enabled: false }, // defaults to true
  
      deviceFlow: { enabled: true }, // defaults to false
      revocation: { enabled: true }, // defaults to false
    },
    jwks: {
      keys: [
        {
          d: 'VEZOsY07JTFzGTqv6cC2Y32vsfChind2I_TTuvV225_-0zrSej3XLRg8iE_u0-3GSgiGi4WImmTwmEgLo4Qp3uEcxCYbt4NMJC7fwT2i3dfRZjtZ4yJwFl0SIj8TgfQ8ptwZbFZUlcHGXZIr4nL8GXyQT0CK8wy4COfmymHrrUoyfZA154ql_OsoiupSUCRcKVvZj2JHL2KILsq_sh_l7g2dqAN8D7jYfJ58MkqlknBMa2-zi5I0-1JUOwztVNml_zGrp27UbEU60RqV3GHjoqwI6m01U7K0a8Q_SQAKYGqgepbAYOA-P4_TLl5KC4-WWBZu_rVfwgSENwWNEhw8oQ',
          dp: 'E1Y-SN4bQqX7kP-bNgZ_gEv-pixJ5F_EGocHKfS56jtzRqQdTurrk4jIVpI-ZITA88lWAHxjD-OaoJUh9Jupd_lwD5Si80PyVxOMI2xaGQiF0lbKJfD38Sh8frRpgelZVaK_gm834B6SLfxKdNsP04DsJqGKktODF_fZeaGFPH0',
          dq: 'F90JPxevQYOlAgEH0TUt1-3_hyxY6cfPRU2HQBaahyWrtCWpaOzenKZnvGFZdg-BuLVKjCchq3G_70OLE-XDP_ol0UTJmDTT-WyuJQdEMpt_WFF9yJGoeIu8yohfeLatU-67ukjghJ0s9CBzNE_LrGEV6Cup3FXywpSYZAV3iqc',
          e: 'AQAB',
          kty: 'RSA',
          n: 'xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cClXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ',
          p: '5wC6nY6Ev5FqcLPCqn9fC6R9KUuBej6NaAVOKW7GXiOJAq2WrileGKfMc9kIny20zW3uWkRLm-O-3Yzze1zFpxmqvsvCxZ5ERVZ6leiNXSu3tez71ZZwp0O9gys4knjrI-9w46l_vFuRtjL6XEeFfHEZFaNJpz-lcnb3w0okrbM',
          q: '3I1qeEDslZFB8iNfpKAdWtz_Wzm6-jayT_V6aIvhvMj5mnU-Xpj75zLPQSGa9wunMlOoZW9w1wDO1FVuDhwzeOJaTm-Ds0MezeC4U6nVGyyDHb4CUA3ml2tzt4yLrqGYMT7XbADSvuWYADHw79OFjEi4T3s3tJymhaBvy1ulv8M',
          qi: 'wSbXte9PcPtr788e713KHQ4waE26CzoXx-JNOgN0iqJMN6C4_XJEX-cSvCZDf4rh7xpXN6SGLVd5ibIyDJi7bbi5EQ5AXjazPbLBjRthcGXsIuZ3AtQyR0CEWNSdM7EyM5TRdyZQ9kftfz9nI03guW3iKKASETqX2vh0Z8XRjyU',
          use: 'sig',
        }, {
          crv: 'P-256',
          d: 'K9xfPv773dZR22TVUB80xouzdF7qCg5cWjPjkHyv7Ws',
          kty: 'EC',
          use: 'sig',
          x: 'FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4',
          y: '_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4',
        },
      ],
    },
  });

// express/nodejs style application callback (req, res, next) for use with express apps, see /examples/express.js

app.get('/sample', function (req, res) {
    res.send('hello world')
  })
  app.use(oidc.callback())

// or just expose a server standalone, see /examples/standalone.js
const server = app.listen(3000, () => {
  console.log('oidc-provider listening on port 3000, check http://localhost:3000/.well-known/openid-configuration');
});

如何使用节点在 OIDC 中设置授权服务器策略(授权服务器策略需要 PKCE 用于此请求')

1 个解决方案

解决方案1
 0 已采纳  2021-05-09 08:43:19

我相信你需要设置这些选项:

pkce: {
  required: true
},
token_endpoint_auth_method: "none"

此外,如果使用 PKCE,您应该发送标准的 code_challenge 和 code_verifier 方法,如我的博客文章的第 4 步和第 8 步。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 [node oidc provider]:授权代码流程 如何使用节点 oidc 提供程序获取用户信息 如何在 Node jS 中集成 OIDC Provider 如何使用节点 OIDC 提供程序中的令牌端点获取 access_token 如何使用节点 oidc 提供程序更改访问令牌格式 如何使用 express 使用 node-oidc-provider access_token? node-oidc-provider 的路由问题 如何使用 ExpressJS 针对 mountPath 挂载 node-oidc-provider? 如何在node-oidc-provider中重定向失败的登录尝试 如何使用 OIDC 提供程序在 /token 端点中获取访问令牌和刷新令牌
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM