在 auth0 中获取 accessToken [英] Get accessToken in auth0
问题描述
我正在使用 auth0 和 nextJS.
我接下来要做的是:当用户添加他的凭据并登录时,他将被重定向到 callback API.
这里
import auth0 from '../../utils/auth0';导出默认异步函数回调(req,res){尝试 {等待 auth0.handleCallback(req, res, {重定向到:'/'});} 捕捉(错误){控制台错误(错误);res.status(error.status || 400).end(error.message);}}我想根据令牌重定向用户.
解码令牌如果应用程序是简单的用户或管理员,我将获取数据.
如果他是管理员,他应该被重定向到管理页面,如果不是用户页面.
所以我做了这样的事情:
import auth0 from '../../utils/auth0';导出默认异步函数回调(req,res){const tokenCache = auth0.tokenCache(req, res);const { accessToken } = await tokenCache.getAccessToken();控制台日志(访问令牌)尝试 {等待 auth0.handleCallback(req, res, { redirectTo: '/' });} 捕捉(错误){控制台错误(错误);res.status(error.status || 400).end(error.message);}}所以我想在这个函数中获取令牌,以便能够在不同页面上重定向用户,但是如果我想在这里获取令牌,我就会遇到问题:
<块引用>用户没有有效的会话.
如果我删除与令牌相关的代码,用户将被重定向,但我需要在此处获取令牌才能进行用户检查.
我怎样才能在这个 callback 函数中获取令牌并实现我上面描述的?
Using v1.2.0 of the
但是,请记住,您通常应该 避免客户端应用程序查看访问令牌的内部.如果您需要将用户信息中继到客户端,则应将其放在 id_token 中.访问令牌供 API 使用,您的客户端应用程序不应依赖其内容格式或语义,因为访问令牌的设计没有定义格式.
I am using auth0 and nextJS.
I want to do next: When the user will add his credentials and will log in he is redirected to the callback API.
And here
import auth0 from '../../utils/auth0';
export default async function callback(req, res) {
try {
await auth0.handleCallback(req, res, {
redirectTo: '/'
});
} catch (error) {
console.error(error);
res.status(error.status || 400).end(error.message);
}
}
I want to redirect the user depending on the token.
Decoding the token I will get data if the application is a simple user or admin.
If he is an admin he should be redirected to the admin page if not to the user page.
So I did something like this:
import auth0 from '../../utils/auth0';
export default async function callback(req, res) {
const tokenCache = auth0.tokenCache(req, res);
const { accessToken } = await tokenCache.getAccessToken();
console.log(accessToken)
try {
await auth0.handleCallback(req, res, { redirectTo: '/' });
} catch (error) {
console.error(error);
res.status(error.status || 400).end(error.message);
}
}
So I want to get the token inside this function to be able to redirect users on different pages, but if I want to get the token here I get the issue:
The user does not have a valid session.
If I delete the code related to the token the user is redirected, but I need to get the token here to be able to do the checking of users.
How could I get the token inside this callback function and achieve what I described above?
Using v1.2.0 of the nextjs-auth0 library, you can access the identity token during the callback handler.
import { handleAuth, handleLogin, handleCallback } from '@auth0/nextjs-auth0';
const afterCallback = (req, res, session, state) => {
console.log(session.idToken);
if (!session.user.isAdmin) {
throw new UnauthorizedError('User is not admin');
}
return session;
}
export default handleAuth({
async callback(req, res) {
try {
await handleCallback(req, res, { afterCallback });
} catch (error) {
res.status(error.status || 500).end(error.message);
}
}
});
However, keep in mind, you should generally avoid looking inside the access token by the client application. If you need to relay user information to the client, you should place it in an id_token. The access token is for use by the API, and your client application should not take any dependency on its content format or semantics since access tokens by design have no defined format.
这篇关于在 auth0 中获取 accessToken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
