nodejs passport authentication token


Question


I am writing a nodejs application that I would like to use as both a web application, as well as an API provider. Once a user is authenticated, I want to assign that user a token to be used for subsequent requests. This works great with passport for the web application, as I just serialize and deserialize the user with the token in the session. However, when responding to API requests, there is no cookie to set to store the session information. Ideally, passport would look for the token both in session and the request body. Is there any way to configure passport to accomplish this?

Solution

Simply use the access token on every request. Using a session is NOT needed. The following is the workflow:

POST /signin

  1. The username and password are posted in the client request.
  2. The server authenticates the user by using passport's Local Strategy. See passport-local.
  3. If the credentials represent a valid user, the server returns the access token generated by some generator. node-jwt-simple is a good choice.
  4. If the credentials are invalid, redirect to /signin.

When the client receives the access token from the authorization server, it can then make requests to protected resources on the server. For example:

GET /api/v1/somefunction?token='abcedf'

  1. The client calls some server api with the token argument.
  2. The server authenticates the token by using passport's Bearer Strategy. See passport-http-bearer.

References

Make a secure oauth API with passport.js and express.js (node.js)
