koa passport oauth2 save token to state

Problem description

So I'm trying to save an access token to the state within Koa, just for use later and saving having to pass it around the client.

Following the passport oauth2 documentation for Koa, I'm struggling to persist anything to ctx.state...

Koa / passport oauth2 setup:

server.koaApp.use(koaSession(
  {
    key: sessionKey,
    rolling: true,
    maxAge: sessionMaxAge,
    sameSite: 'none',
    secure: true,
    // @ts-ignore
    domain: undefined
  },
  server.koaApp,
));

// set up passport sessions here
function createPassport() {
  const passport = new KoaPassport();

  passport.use(new OAuth2Strategy({
    authorizationURL: oauthClientAuthUrl,
    tokenURL: oauthClientTokenUrl,
    clientID: oauthClientId,
    clientSecret: oauthClientSecret,
    callbackURL: oauthClientRedirectUrl,
  }, function(accessToken, refreshToken, params, profile, cb) {
    cb(null, {id: 'somedudesID', accessToken});
  }));

  passport.serializeUser((user, done) => {
    done(null, user);
  });

  passport.deserializeUser((user, done) => {
    done(null, user);
  });

  return passport;
};

Route declarations that should set and read the access token:

router.get('/authorize', passport.authenticate('oauth2'), (ctx: any) => {
  const { accessToken } = ctx.session.passport.user;
  ctx.state.accessToken = accessToken;
  ctx.status = 200;
});

router.get('/get-token-from-state', (ctx: any) => {
  console.log(ctx.state.accessToken); // undefined
});

Questions:

  1. Why is ctx.state.accessToken undefined when requesting /get-token-from-state?

Should I even be trying to persist the access token like this? Is there another way to obtain the accessToken in other routes?

Recommended answer

So, answering my own question here, it was a number of things:

  1. Needed "sameSite: 'lax'"
  2. The session cookie was not being saved in the browser because the domain was slightly off (different port number).

I was able to proxy this locally and all good!
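
Added example (not part of the original post, and not Koa's or passport's own code): a dependency-free model of the two routes from the question, showing that `ctx.state` starts empty on every request, that a middleware can refill it from `ctx.session`, and that this only works when the browser returns the session cookie. `handle`, `exposeAccessToken`, `routes`, the in-memory `sessions` map and the token value are assumptions made for illustration, and middleware is synchronous here where Koa's is async.

```javascript
// Added example; dependency-free model of Koa's per-request context.
// handle, exposeAccessToken, routes and the token value are hypothetical.
const sessions = new Map(); // server-side sessions keyed by cookie value
let nextId = 0;

// Like Koa, build a fresh ctx with an empty ctx.state for every request.
// Only ctx.session survives, and only if the browser sends the cookie back.
function handle(stack, { path, cookie }) {
  const sid = sessions.has(cookie) ? cookie : `sid-${++nextId}`;
  if (!sessions.has(sid)) sessions.set(sid, {});
  const ctx = { path, state: {}, session: sessions.get(sid), body: null };
  const run = (i) => { if (i < stack.length) stack[i](ctx, () => run(i + 1)); };
  run(0);
  return { sid, body: ctx.body };
}

// Refill ctx.state from the session at the start of each request.
function exposeAccessToken(ctx, next) {
  const user = ctx.session.passport && ctx.session.passport.user;
  if (user) ctx.state.accessToken = user.accessToken;
  next();
}

// The question's two routes; the passport step is replaced by a constant.
function routes(ctx, next) {
  if (ctx.path === '/authorize') {
    const user = { id: 'somedudesID', accessToken: 'constructed-token' };
    ctx.session.passport = { user };           // what serializeUser stores
    ctx.state.accessToken = user.accessToken;  // lives for this request only
    ctx.status = 200;
  } else if (ctx.path === '/get-token-from-state') {
    ctx.body = ctx.state.accessToken;
  }
  next();
}

function demo() {
  const login = handle([routes], { path: '/authorize' });
  const path = '/get-token-from-state';
  // Same session, no middleware: the ctx.state set during /authorize is gone.
  const lost = handle([routes], { path, cookie: login.sid }).body;
  // Same session, middleware first: the token is re-read from the session.
  const kept = handle([exposeAccessToken, routes], { path, cookie: login.sid }).body;
  // Cookie not returned by the browser: new empty session, so no token.
  const noCookie = handle([exposeAccessToken, routes], { path }).body;
  return { lost, kept, noCookie };
}

console.log(demo()); // { lost: undefined, kept: 'constructed-token', noCookie: undefined }
```

In a real Koa app an async version of `exposeAccessToken` would be registered with `app.use` after the session and passport middleware. With koa-session's default cookie store the serialized user, access token included, is carried in the cookie itself; configuring an external store keeps the token on the server.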
