电子Auth0Lock“原始文件://不允许" [英] Electron Auth0Lock "Origin file:// not allowed"

问题描述

试图使auth0与我的电子应用程序一起使用.当我遵循默认教程并尝试使用Username-Password-Authentication进行身份验证时，锁将失败并显示403错误，并显示不允许源文件://".

Trying to get auth0 working with my electron app. When I follow the default tutorial and try to authenticate with Username-Password-Authentication, the lock fails with a 403 error and responds with "Origin file:// is not allowed".

我还在auth0信息中心的客户端设置的允许的来源(CORS)部分中添加了"file://*".

I've also added "file://*" to the Allowed Origins (CORS) section of my client settings in the auth0 dashboard.

使用控制台错误的Auth0锁定

原始文件://不允许

锁定电子设置

var lock = new Auth0Lock(
   'McQ0ls5GmkJRC1slHwNQ0585MJknnK0L', 
   'lpsd.auth0.com', {
    auth: {
            redirect: false,
            sso: false
    }
});

document.getElementById('pill_login').addEventListener('click', function (e) {
    e.preventDefault();
    lock.show();
})

推荐答案

通过使用电子应用程序中的内部快递服务器来处理服务页面，我能够使Auth0正常工作.

I was able to get Auth0 to work by using an internal express server in my electron app to handle serving pages.

首先，我在我的项目中名为http的单独文件夹中创建了一个基本的Express应用程序，此处将提供要服务的Express服务器代码和html文件.

First I created a basic express app in a separate folder in my project called http, here will be the express server code and html files to serve.

const path = require('path');

const express = require('express');
const app = express();

app.use(express.static(process.env.P_DIR)); // Serve static files from the Parent Directory (Passed when child proccess is spawned).

app.use((req, res, next) => {
    res.setHeader('Access-Control-Allow-Origin', 'http://localhost:<PORT>'); // Set this header to allow redirection from localhost to auth0
    next();
})


// Default page to serve electron app
app.get('/index', (req, res) => {
    res.sendFile(__dirname + '/index.html');
})

// Callback for Auth0
app.get('/auth/callback', (req, res) => {
    res.redirect('/index'); 
})

// Listen on some port
app.listen(&lt;SOME_PORT&gt;, (err) => {
    if (err) console.log(err);
    console.log('HTTP Server running on ...');
});

然后在Electron主进程中，我将Express服务器作为子进程生成

Then in the Electron main process, I spawn the express server as a child process

const {spawn} = require('child_process');

const http = spawn('node', ['./dist/http/page-server.js'], {
    env: {
        P_DIR: __dirname // Pass the current dir to the child process as an env variable, this is for serving static files in the project
    }
});

// Log standard output
http.stdout.on('data', (data) => {
    console.log(data.toString());
})

// Log errors
http.stderr.on('data', (data) => {
    console.log(data.toString());
})

现在auth0锁将按预期进行身份验证.

Now the auth0 lock authenticates as expected.

这篇关于电子Auth0Lock“原始文件://不允许"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！