
How to change the access token format using node-oidc-provider


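I have implemented node oidc Provider in my project and I am getting an access_token, but the access token is in a different format. How can I change it to the JWT format? I added a setting to change the access_token format to jwt, but it does not work. How can I solve this? I also need to know how to set up the adapter configuration.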


Configuration.ts

import { Provider } from 'oidc-provider';
// SequelizeAdapter and Account are this project's own modules; their import
// paths are not shown in the question.

const oidc = new Provider('http://localhost:3000', {
  adapter: SequelizeAdapter,
  clients: [
    {
      client_id: 'oidcclIENT',
      client_secret: '...',
      grant_types: ['refresh_token', 'authorization_code'],
      redirect_uris: [
        'http://sso-client.dev/providers/7/open_id',
        'http://sso-client.dev/providers/8/open_id',
      ],
    },
  ],
  interactions: {
    url(ctx, interaction) { // eslint-disable-line no-unused-vars
      return `/interaction/${interaction.uid}`;
    },
  },
  cookies: {
    // cookie signing keys, newest first; older entries only verify existing cookies
    keys: ['some secret key', 'and also the old rotated away some time ago', 'and one more'],
  },
  claims: {
    address: ['address'],
    email: ['email', 'email_verified'],
    phone: ['phone_number', 'phone_number_verified'],
    profile: ['birthdate', 'family_name', 'gender', 'given_name', 'locale', 'middle_name', 'name',
      'nickname', 'picture', 'preferred_username', 'profile', 'updated_at', 'website', 'zoneinfo'],
  },
  // the setting the question is about, kept as posted
  // (node-oidc-provider v6 names this option "formats")
  format: {
    AccessToken: 'jwt',
  },
  features: {
    devInteractions: { enabled: true }, // defaults to true
    mTLS: {
      enabled: true,
      certificateBoundAccessTokens: true,
      selfSignedTlsClientAuth: true,
      // The x-ssl-client-* headers must be set by the TLS-terminating proxy,
      // which also has to strip any copies sent by the client.
      getCertificate(ctx) {
        return unescape(ctx.get('x-ssl-client-cert').replace(/\+/g, ' '));
      },
      certificateAuthorized(ctx) {
        return ctx.get('x-ssl-client-verify') === 'SUCCESS';
      },
      certificateSubjectMatches(ctx, property, expected) {
        // only subject DN matching is handled here; fail closed for anything else
        if (property !== 'tls_client_auth_subject_dn') {
          throw new Error(`${property} certificate subject matching not implemented`);
        }
        return ctx.get('x-ssl-client-s-dn') === expected;
      },
    },
    claimsParameter: { enabled: true },
    deviceFlow: { enabled: true },
    dPoP: { enabled: true },
    encryption: { enabled: true },
    jwtUserinfo: { enabled: true },
    introspection: { enabled: true },
    registration: { enabled: true },
    registrationManagement: { enabled: true, rotateRegistrationAccessToken: true },
    jwtResponseModes: { enabled: true },
    pushedAuthorizationRequests: { enabled: true },
    requestObjects: {
      request: true,
      requestUri: true,
      mode: 'strict',
    },
    // deviceFlow: { enabled: true }, // defaults to false
    revocation: { enabled: true }, // defaults to false
    userinfo: { enabled: true },
  },
  findAccount: Account.findAccount,
  // issue a refresh token when the client may use the grant and one of these scopes was granted
  issueRefreshToken: async (ctx, client, code) => {
    return client.grantTypeAllowed('refresh_token')
      && (code.scopes.has('offline_access') || code.scopes.has('openid') || code.scopes.has('token'));
  },
  // Private signing keys inline, as posted. Outside a demo, load them from a
  // secret store instead of committing them with the source.
  jwks: {
    keys: [
      {
        d: 'VEZOsY07JTFzGTqv6cC2Y32vsfChind2I_TTuvV225_-0zrSej3XLRg8iE_u0-3GsgiGi4WImmTwmEgLo4Qp3uEcxCYbt4NMJC7fwT2i3dfRZjtZ4yJwFl0SIj8TgfQ8ptwZbFZUlcHGXZIr4nL8GXyQT0CK8wy4COfmymHrrUoyfZA154ql_OsoiupSUCRcKVvZj2JHL2KILsq_sh_l7g2dqAN8D7jYfJ58MkqlknBMa2-zi5I0-1JUOwztVNml_zGrp27UbEU60RqV3GHjoqwI6m01U7K0a8Q_SQAKYGqgepbAYOA-P4_TLl5KC4-WWBZu_rVfwgSENwWNEhw8oQ',
        dp: 'E1Y-SN4bQqX7kP-bNgZ_gEv-pixJ5F_EGocHKfS56jtzRqQdTurrk4jIVpI-ZITA88lWAHxjD-OaoJUh9Jupd_lwD5Si80PyVxOMI2xaGQiF0lbKJfD38Sh8frRpgelZVaK_gm834B6SLfxKdNsP04DsJqGKktODF_fZeaGFPH0',
        dq: 'F90JPxevQYOlAgEH0TUt1-3_hyxY6cfPRU2HQBaahyWrtcwpaOzenKZnvGFZdg-BuLVKjCchq3G_70OLE-XDP_ol0UTJmDTT-WyuJQdEMpt_WFF9yJGoeIu8yohfeLatU-67ukjghJ0s9CBzNE_LrGEV6Cup3FXywpSYZAV3iqc',
        e: 'AQAB',
        kty: 'RSA',
        n: 'xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cclXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ',
        p: '5wC6nY6Ev5FqcLPCqn9fC6R9KUuBej6NaAVOKW7GXiOJAq2WrileGKfMc9kIny20zW3uWkRLm-O-3Yzze1zFpxmqvsvCxZ5ERVZ6leiNXSu3tez71ZZwp0O9gys4knjri-9w46l_vFuRtjL6XEeFfheZFaNJpz-lcnb3w0okrbM',
        q: '3I1qeEDslZFB8iNfpKAdWtz_Wzm6-jayT_V6aIvhvMj5mnU-Xpj75zLPQSGa9wunMlOoZW9w1wDO1FVuDhwzeOJaTm-Ds0MezeC4U6nVGyyDHb4cua3ml2tzt4yLrqGYMT7XbADSvuWYADHw79OFjEi4T3s3tJymhaBvy1ulv8M',
        qi: 'wSbXte9PcPtr788e713KHQ4waE26CzoXx-JNOgN0iqJMN6C4_XJEX-cSvCZDf4rh7xpXN6SGLVd5ibIyDJi7bbi5EQ5AXjazPbLBjRthcGXsIuZ3AtQyR0CEWNSdM7EyM5TRdyZQ9kftfz9nI03guW3iKKASETqX2vh0Z8XRjyU',
        use: 'sig',
      },
      {
        crv: 'P-256',
        d: 'K9xfPv773dZR22TVUB80xouzdF7qCg5cWjPjkHyv7Ws',
        kty: 'EC',
        x: 'FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4',
        y: '_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4',
      },
    ],
  },
  // token lifetimes in seconds
  ttl: {
    AccessToken: 24 * 60 * 60, // 3600
    AuthorizationCode: 24 * 60 * 60, // 600
    ClientCredentials: 24 * 60 * 60,
    DeviceCode: 24 * 60 * 60,
    IdToken: 24 * 60 * 60,
    RefreshToken: 24 * 60 * 60, // 1209600
  },
});

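Solution

This happens because of the node oidc provider version. With v7, instead of format: { AccessToken: 'jwt' } (which worked perfectly in v6), you need to provide resourceIndicators.

Follow these links for more information; Panva (Filip Skokan, the library's author) has already given the details.

Discussion about getting a JWT token: https://github.com/panva/node-oidc-provider/discussions/959

Resource indicators: https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#featuresresourceindicators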
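
A v7-style `features.resourceIndicators` block of the kind the answer refers to, as an added example that is not part of the original answer or the library's own code. The resource URL, scope names and TTL are constructed placeholders, and the allow-list lookup is one possible policy, not the library default.

```javascript
// Added example. Constructed placeholders: the resource URL, scopes and TTL.
const DEFAULT_RESOURCE = 'https://api.example.com';

// Allow-list of resource servers the provider may mint access tokens for.
const RESOURCE_SERVERS = new Map([
  [DEFAULT_RESOURCE, {
    scope: 'api:read api:write',
    audience: DEFAULT_RESOURCE,        // audience value of the issued token
    accessTokenTTL: 60 * 60,           // seconds
    accessTokenFormat: 'jwt',          // format is chosen per resource server in v7
    jwt: { sign: { alg: 'ES256' } },   // needs a matching EC key in `jwks`
  }],
]);

const resourceIndicators = {
  enabled: true,

  // Called when the client sent no `resource`, or (with `oneOf`) when exactly
  // one of several granted resources has to be picked at the token endpoint.
  defaultResource(ctx, client, oneOf) {
    if (oneOf) return oneOf.includes(DEFAULT_RESOURCE) ? DEFAULT_RESOURCE : oneOf;
    return DEFAULT_RESOURCE;
  },

  // Reject anything outside the allow-list so a client cannot obtain a signed
  // token for an arbitrary audience. Inside the provider, throw
  // `new errors.InvalidTarget()` (from 'oidc-provider') rather than Error.
  getResourceServerInfo(ctx, resourceIndicator, client) {
    const info = RESOURCE_SERVERS.get(resourceIndicator);
    if (!info) throw new Error(`unknown resource indicator: ${resourceIndicator}`);
    return { ...info, jwt: { sign: { ...info.jwt.sign } } };
  },

  // true: an already granted resource is used even when the token request
  // omits the `resource` parameter.
  useGrantedResource(ctx, model) {
    return true;
  },
};

// Usage: new Provider(issuer, { ...rest, features: { ...features, resourceIndicators } })
```

Resource servers that receive these tokens should verify the signature against the provider's published JWKS and check that the audience matches their own identifier.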
