需要帮助使用 Passport-azure-ad npm 模块和 OIDCStrategy 获取访问令牌
Need help in getting an access-token using Passport-azure-ad npm module and OIDCStrategy
我正在尝试从我的 NodeJS Express webapp 调用 Microsoft Graph API,但我无法从 AAD 获取访问令牌。
我能够成功登录并获取用户的个人资料(能够拿到 code 和 id_token),接下来我想获取访问令牌,以便调用 Graph API。
有人可以帮助我了解如何从 OIDCStrategy 获取访问令牌吗?
我找到了这个问题的解决办法:在验证回调中接收 access_token、refresh_token 和 params,并把 params 保存到 profile.tokens,如下所示。
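// Registers the Azure AD OpenID Connect strategy with Passport. Every option is
// read from configAuth.creds, which is defined outside this snippet.
passport.use(new OIDCStrategy({
  identityMetadata: configAuth.creds.identityMetadata,
  clientID: configAuth.creds.clientID,
  // NOTE(review): passport-azure-ad appears to pass tokens to the verify
  // callback only for response types that include "code" — confirm the
  // configured value.
  responseType: configAuth.creds.responseType,
  responseMode: configAuth.creds.responseMode,
  redirectUrl: configAuth.creds.redirectUrl,
  // NOTE(review): should be false outside local development, so the redirect
  // that carries the code and id_token never travels over plain HTTP.
  allowHttpForRedirectUrl: configAuth.creds.allowHttpForRedirectUrl,
  // Load the secret from the environment or a secret store, not from a file
  // that is committed with the application.
  clientSecret: configAuth.creds.clientSecret,
  // NOTE(review): turning issuer validation off accepts tokens from any
  // tenant — confirm that is intended.
  validateIssuer: configAuth.creds.validateIssuer,
  isB2C: configAuth.creds.isB2C,
  issuer: configAuth.creds.issuer,
  // The verify callback below takes `req` first, so this presumably has to be
  // true for the arguments to line up — confirm against the config.
  passReqToCallback: configAuth.creds.passReqToCallback,
  scope: configAuth.creds.scope,
  // NOTE(review): verbose library logging can include token material; keep
  // the level low in production.
  loggingLevel: configAuth.creds.loggingLevel,
  nonceLifetime: configAuth.creds.nonceLifetime,
  nonceMaxAmount: configAuth.creds.nonceMaxAmount,
  useCookieInsteadOfSession: configAuth.creds.useCookieInsteadOfSession,
  cookieEncryptionKeys: configAuth.creds.cookieEncryptionKeys,
  clockSkew: configAuth.creds.clockSkew,
}, (req, iss, sub, profile, access_token, refresh_token, params, done) => {
  // The object id is the lookup key below, so a sign-in without one is rejected.
  if (!profile || !profile.oid) {
    return done(new Error("No oid found"), null);
  }

  // Log the object id only: the full profile holds identity claims, and the
  // access and refresh tokens must never be written to logs.
  console.log(`Profile >>>> oid=${profile.oid}`);

  // Keep the token parameters with the profile so later requests can read the
  // access token for Microsoft Graph calls.
  // NOTE(review): if serializeUser stores the whole user object, these tokens
  // end up in the session store — confirm it stores only the oid.
  profile.tokens = params;

  process.nextTick(() => {
    findByOid(profile.oid, (err, user) => {
      if (err) {
        return done(err);
      }
      if (!user) {
        // First sign-in: remember the profile, tokens included.
        users.push(profile);
        return done(null, profile);
      }
      // Returning user: refresh the tokens on the stored record; without this
      // it would keep the tokens issued at the first sign-in.
      user.tokens = params;
      return done(null, user);
    });
  });
}));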
我正在尝试从我的 NodeJS Express webapp 调用 Microsoft Graph API,但我无法从 AAD 获取访问令牌。
我能够成功登录并获取用户的个人资料(能够拿到 code 和 id_token),接下来我想获取访问令牌,以便调用 Graph API。
有人可以帮助我了解如何从 OIDCStrategy 获取访问令牌吗?
我找到了这个问题的解决办法:在验证回调中接收 access_token、refresh_token 和 params,并把 params 保存到 profile.tokens,如下所示。
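// Registers the Azure AD OpenID Connect strategy with Passport. Every option is
// read from configAuth.creds, which is defined outside this snippet.
passport.use(new OIDCStrategy({
  identityMetadata: configAuth.creds.identityMetadata,
  clientID: configAuth.creds.clientID,
  // NOTE(review): passport-azure-ad appears to pass tokens to the verify
  // callback only for response types that include "code" — confirm the
  // configured value.
  responseType: configAuth.creds.responseType,
  responseMode: configAuth.creds.responseMode,
  redirectUrl: configAuth.creds.redirectUrl,
  // NOTE(review): should be false outside local development, so the redirect
  // that carries the code and id_token never travels over plain HTTP.
  allowHttpForRedirectUrl: configAuth.creds.allowHttpForRedirectUrl,
  // Load the secret from the environment or a secret store, not from a file
  // that is committed with the application.
  clientSecret: configAuth.creds.clientSecret,
  // NOTE(review): turning issuer validation off accepts tokens from any
  // tenant — confirm that is intended.
  validateIssuer: configAuth.creds.validateIssuer,
  isB2C: configAuth.creds.isB2C,
  issuer: configAuth.creds.issuer,
  // The verify callback below takes `req` first, so this presumably has to be
  // true for the arguments to line up — confirm against the config.
  passReqToCallback: configAuth.creds.passReqToCallback,
  scope: configAuth.creds.scope,
  // NOTE(review): verbose library logging can include token material; keep
  // the level low in production.
  loggingLevel: configAuth.creds.loggingLevel,
  nonceLifetime: configAuth.creds.nonceLifetime,
  nonceMaxAmount: configAuth.creds.nonceMaxAmount,
  useCookieInsteadOfSession: configAuth.creds.useCookieInsteadOfSession,
  cookieEncryptionKeys: configAuth.creds.cookieEncryptionKeys,
  clockSkew: configAuth.creds.clockSkew,
}, (req, iss, sub, profile, access_token, refresh_token, params, done) => {
  // The object id is the lookup key below, so a sign-in without one is rejected.
  if (!profile || !profile.oid) {
    return done(new Error("No oid found"), null);
  }

  // Log the object id only: the full profile holds identity claims, and the
  // access and refresh tokens must never be written to logs.
  console.log(`Profile >>>> oid=${profile.oid}`);

  // Keep the token parameters with the profile so later requests can read the
  // access token for Microsoft Graph calls.
  // NOTE(review): if serializeUser stores the whole user object, these tokens
  // end up in the session store — confirm it stores only the oid.
  profile.tokens = params;

  process.nextTick(() => {
    findByOid(profile.oid, (err, user) => {
      if (err) {
        return done(err);
      }
      if (!user) {
        // First sign-in: remember the profile, tokens included.
        users.push(profile);
        return done(null, profile);
      }
      // Returning user: refresh the tokens on the stored record; without this
      // it would keep the tokens issued at the first sign-in.
      user.tokens = params;
      return done(null, user);
    });
  });
}));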