如何诊断passport.authenticate? [英] How to diagnose passport.authenticate?
问题描述
由于函数没有返回值 - 我如何确定导致函数失败的原因.我有以下代码:
Since the function has no return value - how can I identify what's causing the function to fail. I have the following code:
function test(req : IncomingMessage, res :ServerResponse, next:(err:any)=>void) {
passport.authenticate('google', {scope:['https://www.googleapis.com/auth/userinfo.email']})(req, res,next);
//how do I get details here
}
我的意思是我知道它失败了,因为没有调用队列中的下一个处理程序,但我如何获得更详细的信息?
I mean I know it's failing since the next handler in line is not called but how do I get more detailed information?
这个函数的实例如下:
export const usersRouter = express
.Router()
.post('/googleLogin', test, async (req, res) => {
const user: User = req.user;
if (!user) {
res.send(401);
}
// const token = getJwtToken(user._id.toHexString());
// res.send({ token });
})
推荐答案
像这样的身份验证工作流 (oauth/openid) 涉及几个步骤.
An authentication workflow such as this (oauth / openid) involves several steps.
将用户重定向到 google 的身份验证服务
redirect the user to google's authentication service
google 对用户进行身份验证并要求用户确认接受/拒绝您的服务
google authenticates the user and ask confirmation from the user to accept/reject your service
如果用户接受谷歌,谷歌会使用访问代码将用户重定向回您服务的回调 uri.
if the user accepts google redirects the user back to your service's callback uri with an access code.
您的服务器(不是用户的浏览器)使用您应用的 ID 和机密(在注册应用时从谷歌发出)以及之前收到的访问代码向谷歌服务器请求访问/刷新令牌.
your server (not the user's browser) request an access/refresh token to google's servers using your app's id and secret (as issued from google when registering the app) and the access code received before.
如果一切顺利,谷歌将向您的服务发出访问/刷新令牌,您必须将其关联到您身边的用户(使用此 google id 的现有用户,或创建一个新用户作为注册,或关联到已登录的用户,如连接帐户).
if all is good, google will issue an access/refresh token to your service that you will have to associate to an user in your side (either an existing user using this google id, or create a new user as in sign up, or associate to an already logged user as in connect account).
为了检查发生了什么,您可以检查您身边的每一步:
In order to inspect what's going on, you can check each step on your side:
这只会将您的用户重定向到谷歌的身份验证服务
This will just redirect your user to google's authentication service
app.get('/auth/google',
passport.authenticate('google', {
scope: ['https://www.googleapis.com/auth/userinfo.email']
});
您将从您的用户界面使用此端点,例如:
you will use this endpoint from your user interface, something like :
<a href="/auth/google">Connect with google</a>
一旦 google 对您的用户进行身份验证并将您的用户重定向回您的服务,这就是用户将被重定向到的端点:
Once google authenticates you user and redirects back your user to your service, this is the endpoint that the user will be redirected to:
app.get('/auth/google/callback',
(req, res, next) => {
// You can inspect google's redirection here
return next();
},
passport.authenticate('google', { failureRedirect: '/login' }),
function(req, res) {
res.redirect('/');
});
此时,passports 将进行身份验证流程,以从 google 请求访问/刷新令牌.当您的服务器向 google 请求访问/刷新令牌时,将调用您的策略定义的回调:
At this point passport will carry on the authentication flow to request an access/refresh token from google. Your strategy definition's callback is invoked when your server is requesting an access/refresh token from google:
passport.use(new GoogleStrategy({
consumerKey: GOOGLE_CONSUMER_KEY,
consumerSecret: GOOGLE_CONSUMER_SECRET,
callbackURL: "http://www.example.com/auth/google/callback"
},
function(token, tokenSecret, profile, done) {
// you can debug google's response here (this is from your server's request)
User.findOrCreate({ googleId: profile.id }, function (err, user) {
return done(err, user);
});
}
));
希望这会有所帮助.
这篇关于如何诊断passport.authenticate?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!