OAuth2 server creation with nodejs
Question
I'm actually studying REST API security, and it seems that many people are using the OAuth2 and OpenID protocols to manage authentication.
I have tried to implement two OAuth2 servers using:
http://passportjs.org/ for the client side and https://github.com/jaredhanson/oauth2orize for the server side
https://www.npmjs.org/package/node-oauth2-server
For the first solution, running the examples works correctly, but I need to make something stateless (and in the example the author uses sessions...).
Can you help me create the simplest OAuth2 server possible, or else explain to me the whole workings of these libraries?
Thanks in advance.
Answer
I use "oauth2-server": "^3.0.0-b2"
var express = require('express');
var bodyParser = require('body-parser'); // required below but was never imported
var oauthServer = require('oauth2-server');
var Request = oauthServer.Request;
var Response = oauthServer.Response;
var authenticate = require('./components/oauth/authenticate');
var app = express();
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());

// The model is the storage layer (clients, users, tokens) the library calls into:
// https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/models.js
var oauth = new oauthServer({
  model: require('./models.js')
});

// Token endpoint: exchanges client/user credentials (or a code) for an access token
app.all('/oauth/token', function(req, res, next) {
  var request = new Request(req);
  var response = new Response(res);
  oauth
    .token(request, response)
    .then(function(token) {
      // Todo: remove unnecessary values in response
      return res.json(token);
    }).catch(function(err) {
      return res.status(500).json(err);
    });
});

// Authorization endpoint (authorization-code flow)
app.post('/authorise', function(req, res) {
  var request = new Request(req);
  var response = new Response(res);
  return oauth.authorize(request, response).then(function(success) {
    res.json(success);
  }).catch(function(err) {
    res.status(err.code || 500).json(err);
  });
});

// Resource endpoints: authenticate() validates the bearer token and sets req.user
app.get('/secure', authenticate(), function(req, res) {
  res.json({ message: 'Secure data' });
});

app.get('/me', authenticate(), function(req, res) {
  res.json({
    me: req.user,
    message: 'Authorization success, Without Scopes, Try accessing /profile with `profile` scope',
    description: 'Try postman https://www.getpostman.com/collections/37afd82600127fbeef28',
    more: 'pass `profile` scope while Authorize'
  });
});

// Scoped endpoint: the token must carry the `profile` scope
app.get('/profile', authenticate({ scope: 'profile' }), function(req, res) {
  res.json({
    profile: req.user
  });
});

app.listen(3000);
To simulate, use Postman: https://www.getpostman.com/collections/37afd82600127fbeef28
MySQL/PostgreSQL/MSSQL compatible: https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/components/oauth/models.js
MySQL DDL: https://github.com/manjeshpv/node-oauth2-server-implementation/blob/master/sql/oauth_demo.sql
Mongo dump: https://github.com/manjeshpv/node-oauth2-server-implementation/tree/master/mongo-dump
Note that they have an issue there: the validateScope function needs to be replaced with:
function validateScope(user, client) {
  return user.scope === client.scope;
}