OmniAuth Single Sign On with Devise, invalid_credentials


Problem description

I have 3 web apps - A, B and C. App A contains the user database. If accessing App B and App C, I would like the user to be redirected to App A to be authenticated, and then be returned back to whichever app they tried to access. At the same time, they should be logged in to all apps. Unless anyone has a better solution, I have gone with an OmniAuth/Devise combo solution as described in this blog post.

I have forked and updated to Rails 3.1.2 a sample App A and a sample app B/C.

App A - Provider - https://github.com/RobZolkos/sso-devise-omniauth-provider

App B/C - Client - https://github.com/RobZolkos/sso-devise-omniauth-client

These sample apps work, and I get redirected to the Provider App to authenticate; however, it doesn't seem to authenticate. I have attached the log here. The provider seems to go through the motions, but then on line 26 of the log you can see that there seems to be an authentication issue.

Am I missing something simple to make these sample apps work?

Recommended answer

I found two problems:

  1. Since version 0.2.1, omniauth has changed the auth parameter name from access_token to oauth_token while fetching access (POST /oauth/token request).
  2. Since version 0.3.0, omniauth has changed the method of passing oauth_token in the auth request (GET /auth/josh_id/user.json). Prior to 0.3.0 the token was passed through the request parameter oauth_token, but since 0.3.0 it is passed through the HTTP_AUTHORIZATION header.

I don't know how to nicely get the token from the header (I think it can be fetched by devise), so I hacked the client in an ugly way to send oauth_token through a GET parameter like this (in lib/josh_id.rb):

def raw_info
  @raw_info ||= access_token.get("/auth/josh_id/user.json?oauth_token=#{access_token.token}").parsed
end

You can find fully workable code in our github repos:
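
One way for the provider to read the token from the HTTP_AUTHORIZATION header mentioned in the answer, keeping the query parameter only as an opt-in fallback. This is an added example, not code from the answer or the linked repositories; the function names, the accepted "Bearer"/"OAuth" header schemes and the sample values are assumptions.

```ruby
require "uri"

# Assumption: the client sends "Bearer <token>" or the older "OAuth <token>".
AUTH_SCHEMES = /\A(?:Bearer|OAuth)\s+([A-Za-z0-9\-._~+\/]+=*)\z/i

# Parameter names named in the answer above (newer and older omniauth).
LEGACY_PARAMS = %w[oauth_token access_token].freeze

# Returns [token, source] or [nil, nil]. `env` is a Rack environment hash.
# The header always wins; the query string is read only when explicitly allowed.
def extract_oauth_token(env, allow_query_fallback: false)
  header = env["HTTP_AUTHORIZATION"].to_s.strip
  if (m = AUTH_SCHEMES.match(header))
    return [m[1], :header]
  end
  return [nil, nil] unless allow_query_fallback

  params = URI.decode_www_form(env["QUERY_STRING"].to_s).to_h
  LEGACY_PARAMS.each do |name|
    value = params[name]
    return [value, :query] if value && !value.empty?
  end
  [nil, nil]
end

# Rewrites a query string so token parameters are masked before it is logged.
def redact_query(query_string)
  pairs = URI.decode_www_form(query_string.to_s).map do |key, value|
    [key, LEGACY_PARAMS.include?(key) ? "FILTERED" : value]
  end
  URI.encode_www_form(pairs)
end
```

A token sent in the query string is recorded in web server access logs and can leak through Referer headers, which is why the fallback is off by default and why `redact_query` is applied before logging.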
