wolkenkit redirects to Auth0 even when user is logged in

Problem description

I just tried to test wolkenkit’s authentication with the chat template following the wolkenkit docs. User login seems to work, but the user is redirected to Auth0 even when they're already logged in (without the client calling the auth.login method).

Here’s a code snippet from the client:

wolkenkit.connect({
    host: 'local.wolkenkit.io',
    port: 3000,
    authentication: new wolkenkit.authentication.OpenIdConnect({
        identityProviderUrl: 'https://<myIdentity>.eu.auth0.com/authorize',
        clientId: '<myClientID>',
        strictMode: false
    })
}).
    then(chat => {
        console.log("chat.auth.isLoggedIn() = " + chat.auth.isLoggedIn());
        console.log(chat.auth.getProfile());
        if (!chat.auth.isLoggedIn()) {
            return chat.auth.login();
        }
    });

In package.json, the identity provider is configured as follows:

"wolkenkit": {
    "environments": {
      "default": {
        "identityProvider": {
          "name": "https://<myIdentity>.eu.auth0.com/",
          "certificate": "/server/keys/<myIdentity>.eu.auth0.com"
        },...

Browser log after clearing cookies (I censored the provider identity and the object returned by chat.auth.getProfile()):

Navigated to http://local.wolkenkit.io:8080/
index.js:14 chat.auth.isLoggedIn() = false
index.js:15 undefined
Navigated to https://<myIdentity>.eu.auth0.com/login?client=<clientID>...

Navigated to http://local.wolkenkit.io:8080/
index.js:14 chat.auth.isLoggedIn() = true
index.js:15 {iss: "https://<myIdentity>.eu.auth0.com/", sub: "auth0|...", aud: "...", iat: ..., exp: ..., …}
Navigated to https://<myIdentity>.eu.auth0.com/login?client=<clientID>...

Recommended answer

Being redirected although you configured authentication typically means that there is an error in the way the authentication is configured.

You might want to check these settings:

  • The token must be signed using RS256, not HS256 (which, for some accounts, seems to be the default of Auth0). To find out which signature algorithm is being used, get the token from the browser's local storage and paste it into the JWT debugger. Then you can see how the token was signed. If you need to change the signature algorithm, you can find this in the Advanced Settings of your client in Auth0.
  • Using the very same debugger you can also verify whether the token and the certificate you are using match each other. If they don't, you probably have copied the wrong certificate, or you have configured the path to point to a wrong certificate.
  • The certificate file must be named certificate.pem. If it has another name, or the path in package.json is incorrect, wolkenkit should not even start the application, but to be sure double-check that the file is named correctly.
  • In the package.json, besides the path to the certificate, you also have to provide the name of the identity provider you use, in your case this is https://<myIdentity>.eu.auth0.com/. Please note that this must exactly match the iss claim within the token. Often the claim in the token contains a trailing slash, while the value in package.json does not. If they differ, use the token's value in package.json.

Once you have made your changes, make sure to empty local storage, and to restart your wolkenkit application using the following command (otherwise your changes won't become effective):

$ wolkenkit restart

Hope this helps :-)
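
The signature algorithm, certificate match and iss checks from the answer can also be run locally instead of in the JWT debugger. The following Node.js code is an added example, not part of the original answer or of wolkenkit; checkToken, makeSampleToken and the example.eu.auth0.com issuer are hypothetical names, and the sample tokens are constructed with a throwaway key pair.

```javascript
// Added example (not wolkenkit code): offline checks for the settings listed in the answer.
const nodeCrypto = require('crypto');

const b64url = value => Buffer.from(value).toString('base64url');
const decodeSegment = segment => JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));

// Returns the problems found; an empty array means the token passes all three checks.
// certificatePem: contents of certificate.pem (a PEM public key also works).
function checkToken (token, identityProviderName, certificatePem) {
  const parts = token.split('.');
  if (parts.length !== 3) { return ['token is not a three-part JWT']; }
  const [headerPart, payloadPart, signaturePart] = parts;
  const header = decodeSegment(headerPart);
  const payload = decodeSegment(payloadPart);
  const problems = [];

  if (header.alg !== 'RS256') {
    problems.push(`signed with ${header.alg}, expected RS256`);
  } else if (!nodeCrypto.verify('RSA-SHA256', Buffer.from(`${headerPart}.${payloadPart}`),
    certificatePem, Buffer.from(signaturePart, 'base64url'))) {
    problems.push('signature does not match the certificate');
  }
  // Exact string comparison: a missing trailing slash counts as a mismatch.
  if (payload.iss !== identityProviderName) {
    problems.push(`iss "${payload.iss}" differs from configured name "${identityProviderName}"`);
  }
  return problems;
}

// Constructed sample data: a throwaway key pair and locally signed tokens, not real Auth0 output.
const sampleKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const samplePublicPem = sampleKeys.publicKey.export({ type: 'spki', format: 'pem' });

function makeSampleToken (alg, iss) {
  const header = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ iss, sub: 'auth0|sample' }));
  const signingInput = `${header}.${payload}`;
  const signature = alg === 'RS256' ?
    nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), sampleKeys.privateKey) :
    nodeCrypto.createHmac('sha256', 'sample-secret').update(signingInput).digest();
  return `${signingInput}.${signature.toString('base64url')}`;
}

const issuer = 'https://example.eu.auth0.com/'; // constructed placeholder issuer
console.log(checkToken(makeSampleToken('RS256', issuer), issuer, samplePublicPem));
console.log(checkToken(makeSampleToken('HS256', issuer), issuer.slice(0, -1), samplePublicPem));
```

To check a real setup, pass the token copied from the browser's local storage, the name value from package.json and the contents of certificate.pem.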
