wolkenkit redirects to Auth0 even when user is logged in

Problem description

I just tried to test wolkenkit’s authentication with the chat template following the wolkenkit docs. User login seems to work, but the user is redirected to Auth0 even when they're already logged in (without the client calling the auth.login method).

This is the code snippet from the client:

wolkenkit.connect({
    host: 'local.wolkenkit.io',
    port: 3000,
    authentication: new wolkenkit.authentication.OpenIdConnect({
        identityProviderUrl: 'https://<myIdentity>.eu.auth0.com/authorize',
        clientId: '<myClientID>',
        strictMode: false
    })
}).then(chat => {
    console.log("chat.auth.isLoggedIn() = " + chat.auth.isLoggedIn());
    console.log(chat.auth.getProfile());
    if (!chat.auth.isLoggedIn()) {
        return chat.auth.login();
    }
});

In package.json, the identity provider is configured as follows:

"wolkenkit": {
    "environments": {
      "default": {
        "identityProvider": {
          "name": "https://<myIdentity>.eu.auth0.com/",
          "certificate": "/server/keys/<myIdentity>.eu.auth0.com"
        },...

Browser log after clearing cookies (I censored the provider identity and the object returned by chat.auth.getProfile()):

Navigated to http://local.wolkenkit.io:8080/
index.js:14 chat.auth.isLoggedIn() = false
index.js:15 undefined
Navigated to https://<myIdentity>.eu.auth0.com/login?client=<clientID>...

Navigated to http://local.wolkenkit.io:8080/
index.js:14 chat.auth.isLoggedIn() = true
index.js:15 {iss: "https://<myIdentity>.eu.auth0.com/", sub: "auth0|...", aud: "...", iat: ..., exp: ..., …}
Navigated to https://<myIdentity>.eu.auth0.com/login?client=<clientID>...

Recommended answer

Being redirected although you configured authentication typically means that there is an error in the way the authentication is configured.

You might want to check these settings:

  • The token must be signed using RS256, not HS256 (which, for some accounts, seems to be the default of Auth0). To find out which signature algorithm is being used, get the token from the browser's local storage and paste it into the JWT debugger. Then you can see how the token was signed. If you need to change the signature algorithm, you can find this in the Advanced Settings of your client in Auth0.
  • Using the very same debugger you can also verify whether the token and the certificate you are using match each other. If they don't, you probably have copied the wrong certificate, or you have configured the path to point to a wrong certificate.
  • The certificate file must be named certificate.pem. If it has another name, or the path in package.json is incorrect, wolkenkit should not even start the application, but to be sure double-check that the file is named correctly.
  • In the package.json, besides the path to the certificate, you also have to provide the name of the identity provider you use, in your case this is https://<myIdentity>.eu.auth0.com/. Please note that this must exactly match the iss claim within the token. Often the claim in the token contains a trailing slash, while the value in package.json does not. If they differ, use the token's value in package.json.

Once you have made your changes, make sure to empty local storage, and to restart your wolkenkit application using the following command (otherwise your changes won't become effective):

$ wolkenkit restart

Hope this helps :-)
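
The signature-algorithm and iss checks from the answer above can be scripted instead of done by eye in a debugger. This is an added example, not part of the original answer and not wolkenkit or Auth0 code; the function name diagnoseToken and the sample token and provider name are constructed for illustration, and it runs in Node.js.

```javascript
// Added diagnostic example. It decodes a JWT WITHOUT verifying the signature,
// so it is for troubleshooting configuration only, never for authorization.

function decodeSegment(segment) {
  // JWT header and payload are base64url-encoded JSON.
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

// identityProvider is the object from package.json (wolkenkit.environments.<env>).
// Returns a list of problems; an empty list means both checks pass.
function diagnoseToken(token, identityProvider) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    return ['not a JWT: expected three dot-separated segments'];
  }
  let header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (err) {
    return ['header or payload is not base64url-encoded JSON'];
  }

  const problems = [];
  if (header.alg !== 'RS256') {
    problems.push(`token is signed with ${header.alg}, expected RS256`);
  }
  if (payload.iss !== identityProvider.name) {
    // The comparison must be exact; point out the common trailing-slash case.
    const strip = value => String(value).replace(/\/+$/, '');
    const hint = strip(payload.iss) === strip(identityProvider.name)
      ? ' (they differ only by a trailing slash)' : '';
    problems.push(`iss "${payload.iss}" does not equal identityProvider.name ` +
      `"${identityProvider.name}"${hint}`);
  }
  return problems;
}

// Constructed sample: HS256 token whose iss has a trailing slash the config lacks.
const encode = obj => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleToken = [
  encode({ alg: 'HS256', typ: 'JWT' }),
  encode({ iss: 'https://example.eu.auth0.com/', sub: 'auth0|constructed' }),
  'constructed-signature'
].join('.');

console.log(diagnoseToken(sampleToken, { name: 'https://example.eu.auth0.com' }));
```

Whether the token and the certificate match each other still has to be verified separately, as the answer describes.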
