在NodeJS API中验证Identity Server令牌 [英] Validate Identity Server token in NodeJS API
问题描述
我有一个令牌,它已由Identity Server
(IDP)发行,然后有一个NodeJS
应用程序,并且
我想在NodeJS API中验证该令牌吗?
I have a token that it has been issued by Identity Server
(IDP) and then have a NodeJS
application and
I want to validate that token in NodeJS API?
我正在尝试使用 jose (基于
I'm trying to use jose (based on this) but I did not know how to use it. Is it possible to do it?
注意:
在我的ASP NET CORE API
中,作为客户端,我只需在startup class
中添加以下命令来验证我的API
?
In my ASP NET CORE API
, here that is as a client I have to only add the following command in startup class
to validate my API
?
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
// base-address of your identityserver
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
// name of the API resource
options.ApiName = "api1";
// options.ApiSecret = "xxx";
});
在我的NodeJS api中,像上面的Web api这样的客户端,我应该怎么做?
In my NodeJS api that is as a client like web api above What should I do ?
更新:
我访问了这篇文章,但没有帮助我! 用于NodeJS API的Identity Server 4
I visited this article but I did not helped me ! Identity Server 4 for NodeJS API
推荐答案
If you want only to validate your token you can use the following package:
npm install token-introspection --save
此程序包配置了端点和客户端凭据,并返回了一个函数. 使用令牌和可选的token_type_hint调用该函数将返回一个Promise.
This package is configured with endpoint and client credentials, and a function is returned. Calling that function with token, and optional token_type_hint will return a Promise.
const tokenIntrospection = require('token-introspection')({
endpoint: 'https://example.com/introspect',
client_id: '<Client ID>',
client_secret: '<Client Secret>',
});
tokenIntrospection(token).then(console.log).catch(console.warn);
示例:
这是一个用于验证令牌的中间件:
Here is a middleware to validate the token :
module.exports = (req, res, next) => {
const token = "wEvxS0y2TkvCjLpKP33oGTK0BcKUb6MHt1u3AeMu8h4"; // get your token from your request
const tokenIntrospection = require('token-introspection')({
endpoint: 'http://localhost:5000/connect/introspect',
client_id: 'api1',
client_secret: 'apisecret',
});
tokenIntrospection(token).then(result => {
console.log(result);
next();
}).catch(console.warn);
}
然后您可以按以下方式使用它:
then you can use it as below :
const auth = require('./atuh')
app.get('/', auth, (req, res, next) => {
res.send("Hi");
})
这篇关于在NodeJS API中验证Identity Server令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!