
如何在 Node.js OIDC provider 中获取授权码

如何解决:在 Node.js OIDC provider 中获取授权码的问题

我在 Node.js 中实现了 node-oidc-provider,能拿到 ID token,但我需要的是授权码(authorization code)。当我请求这个 API(http://localhost:3000/auth?client_id=oidcclIENT&response_type=code&scope=openid&redirect_uri=http://localhost:3000)时,它返回了一个错误(http://localhost:3000/?error=invalid_request&error_description=Authorization%20Server%20policy%20requires%20PKCE%20to%20be%20used%20for%20this%20request)。如何修复此错误并获取授权码?

示例.js

// Provider comes from the oidc-provider package; express hosts it.
const { Provider } = require('oidc-provider');
const express = require('express');

const app = express();

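// Provider configuration. The pasted original had lost its object nesting
// (cookies/claims/features/jwks were collapsed into one another and the
// jwks array was never closed); this restores the intended structure.
//
// No `pkce` option is set, so the provider's default policy applies, and the
// error quoted in the question ("Authorization Server policy requires PKCE
// to be used for this request") shows that default is to require PKCE.
// The fix belongs on the client side: send a code_challenge on /auth and the
// matching code_verifier when exchanging the code. Leave the policy as is.
const oidc = new Provider('http://localhost:3000', {
  clients: [
    {
      client_id: 'oidcclIENT',
      // Placeholder secret from the question; a client that cannot keep a
      // secret should instead be declared public (token_endpoint_auth_method
      // 'none') and rely on PKCE.
      client_secret: '...',
      grant_types: ['refresh_token', 'authorization_code'],
      // Same origin as the issuer itself; only sensible for local development.
      redirect_uris: ['http://localhost:3000'],
    },
  ],
  // devInteractions is disabled below, so this application has to serve the
  // `/interaction/:uid` routes (login/consent) that this URL points at; the
  // listing does not include them.
  interactions: {
    url(ctx, interaction) { // eslint-disable-line no-unused-vars
      return `/interaction/${interaction.uid}`;
    },
  },
  cookies: {
    // Sample values; replace with your own secrets loaded from the
    // environment or a secret store before this runs anywhere but localhost.
    keys: ['some secret key', 'and also the old rotated away some time ago', 'and one more'],
  },
  claims: {
    address: ['address'],
    email: ['email', 'email_verified'],
    phone: ['phone_number', 'phone_number_verified'],
    profile: [
      'birthdate', 'family_name', 'gender', 'given_name', 'locale', 'middle_name', 'name',
      'nickname', 'picture', 'preferred_username', 'profile', 'updated_at', 'website', 'zoneinfo',
    ],
  },
  features: {
    devInteractions: { enabled: false }, // defaults to true

    deviceFlow: { enabled: true }, // defaults to false
    revocation: { enabled: true }, // defaults to false
  },
  jwks: {
    // Signing keys, including their private components (d, p, q, dp, dq, qi
    // for the RSA key, d for the EC key). A private key that sits in source is
    // compromised by definition: anyone who can read this file can mint tokens
    // this provider will trust. Generate your own JWKS and load it from a
    // secret store; never commit it.
    keys: [
      {
        d: 'VEZOsY07JTFzGTqv6cC2Y32vsfChind2I_TTuvV225_-0zrSej3XLRg8iE_u0-3GsgiGi4WImmTwmEgLo4Qp3uEcxCYbt4NMJC7fwT2i3dfRZjtZ4yJwFl0SIj8TgfQ8ptwZbFZUlcHGXZIr4nL8GXyQT0CK8wy4COfmymHrrUoyfZA154ql_OsoiupSUCRcKVvZj2JHL2KILsq_sh_l7g2dqAN8D7jYfJ58MkqlknBMa2-zi5I0-1JUOwztVNml_zGrp27UbEU60RqV3GHjoqwI6m01U7K0a8Q_SQAKYGqgepbAYOA-P4_TLl5KC4-WWBZu_rVfwgSENwWNEhw8oQ',
        dp: 'E1Y-SN4bQqX7kP-bNgZ_gEv-pixJ5F_EGocHKfS56jtzRqQdTurrk4jIVpI-ZITA88lWAHxjD-OaoJUh9Jupd_lwD5Si80PyVxOMI2xaGQiF0lbKJfD38Sh8frRpgelZVaK_gm834B6SLfxKdNsP04DsJqGKktODF_fZeaGFPH0',
        dq: 'F90JPxevQYOlAgEH0TUt1-3_hyxY6cfPRU2HQBaahyWrtcwpaOzenKZnvGFZdg-BuLVKjCchq3G_70OLE-XDP_ol0UTJmDTT-WyuJQdEMpt_WFF9yJGoeIu8yohfeLatU-67ukjghJ0s9CBzNE_LrGEV6Cup3FXywpSYZAV3iqc',
        e: 'AQAB',
        kty: 'RSA',
        n: 'xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cclXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ',
        p: '5wC6nY6Ev5FqcLPCqn9fC6R9KUuBej6NaAVOKW7GXiOJAq2WrileGKfMc9kIny20zW3uWkRLm-O-3Yzze1zFpxmqvsvCxZ5ERVZ6leiNXSu3tez71ZZwp0O9gys4knjri-9w46l_vFuRtjL6XEeFfheZFaNJpz-lcnb3w0okrbM',
        q: '3I1qeEDslZFB8iNfpKAdWtz_Wzm6-jayT_V6aIvhvMj5mnU-Xpj75zLPQSGa9wunMlOoZW9w1wDO1FVuDhwzeOJaTm-Ds0MezeC4U6nVGyyDHb4cua3ml2tzt4yLrqGYMT7XbADSvuWYADHw79OFjEi4T3s3tJymhaBvy1ulv8M',
        qi: 'wSbXte9PcPtr788e713KHQ4waE26CzoXx-JNOgN0iqJMN6C4_XJEX-cSvCZDf4rh7xpXN6SGLVd5ibIyDJi7bbi5EQ5AXjazPbLBjRthcGXsIuZ3AtQyR0CEWNSdM7EyM5TRdyZQ9kftfz9nI03guW3iKKASETqX2vh0Z8XRjyU',
        use: 'sig',
      },
      {
        crv: 'P-256',
        d: 'K9xfPv773dZR22TVUB80xouzdF7qCg5cWjPjkHyv7Ws',
        kty: 'EC',
        x: 'FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4',
        y: '_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4',
      },
    ],
  },
});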

// express/nodejs style application callback (req,res,next) for use with express apps,see /examples/express.js

// Plain express route kept next to the provider as a quick liveness check.
app.get('/sample', (req, res) => {
  res.send('hello world');
});

// Mount the provider's own endpoints (e.g. /auth and
// /.well-known/openid-configuration) on this express app.
app.use(oidc.callback());

// or just expose a server standalone,see /examples/standalone.js
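// Start listening. The discovery URL in the log line was mis-cased
// (`.well-kNown`); the path served is `/.well-known/openid-configuration`,
// so the message now points at the address that actually answers.
const server = app.listen(3000, () => {
  console.log('oidc-provider listening on port 3000, check http://localhost:3000/.well-known/openid-configuration');
});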

如何在 Node.js 的 OIDC provider 中设置授权服务器策略(错误信息为“授权服务器策略要求此请求使用 PKCE”)

解决方法

我相信您需要设置这些选项:

// Provider-level option: goes in the object passed to `new Provider(...)`.
// It keeps PKCE mandatory rather than switching it off, so the client must
// send a code_challenge on /auth and the matching code_verifier on the token
// request. NOTE(review): check the installed oidc-provider version's docs for
// the exact shape of `required` — recent releases document it as a function
// (ctx, client) => boolean rather than a bare boolean.
pkce: {
  required: true
// Client-level property: belongs in the client's entry under `clients`, not
// at the provider level. "none" declares a public client (no client_secret is
// sent), which is exactly the case where PKCE is what protects the
// authorization-code exchange.
},token_endpoint_auth_method: "none" 

此外,使用 PKCE 时,您应当按标准方式发送 code_challenge 和 code_verifier,参见我的 blog post 的第 4 步和第 8 步。
