问题描述
我们有使用 COGNITO Userpools 的应用程序通过 oauth2 启用 SSO;并且成功登录后COGNITO生成令牌并返回; aPI 将使用该令牌进行后续调用;我们的 API 受到 nesTJS AuthGuards 的保护;
问题是,当我们通过在“授权”标头中传递任何垃圾(如“bearer xyz”)来测试 API 时,它可以正常工作并且不会抛出任何错误。
enter code here
export class OAuth2Strategy extends PassportStrategy(Strategy,'oauth2') {
constructor() {
const serverURL = config.get('authDetails.SERVER_URL');
let appRootURL:any = process.env.NODE_ENV === 'localhost' ? 'http://localhost:' + config.get('app.port') : config.get('app.rootUrl');
if (!appRootURL.endsWith('/')) {
appRootURL += '/';
}
const appBaseURL = `${appRootURL}${config.get('globalPrefix')}`;
const loginCallbackURL = `${appBaseURL}/auth/login/callback`;
super({
authorizationURL: `${serverURL}oauth2/authorize`,tokenURL: `${serverURL}oauth2/token`,clientID: config.get('CLIENT_ID'),//clientSecret: config.get('CLIENT_SECRET'),callbackURL: loginCallbackURL,scope: ['openid','profile'],state: (100000000000).toString(36)
},function(accesstoken: string,refreshToken: string,params: any,profile: any,done: VerifyCallback) {
done(null,{
accesstoken: accesstoken
});
});
}
export class BearerStrategy extends PassportStrategy(Strategy,'bearer') {
async validate(accesstoken: string,done: VerifyCallback) {
const user = {
accesstoken
}
done(null,user);
}
}
JWT 策略类
export class JwtStrategy extends PassportStrategy(Strategy) {
constructor() {
console.log(config.get('CLIENT_SECRET'))
console.log(JSON.stringify(ExtractJwt.fromAuthHeaderAsBearerToken()))
super({
secretorKey:
passportJwtSecret({
cache: true,rateLimit: true,jwksRequestsPerMinute: 5,jwksUri: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-XXXX/.well-kNown/jwks.json',}),jwtFromrequest: ExtractJwt.fromAuthHeaderAsBearerToken(),//jwtFromrequest: ExtractJwt.fromAuthHeaderWithScheme('JWT'),// ignoreExpiration: false,// secretorKey: config.get('CLIENT_SECRET'),algorithms:["RS256"],issuer : "https://cognito-idp.us-east-1.amazonaws.com/us-east-XXXX",audience: "client_id1234"
});
}
export class JwtStrategy extends PassportStrategy(Strategy) {
constructor() {
console.log(config.get('CLIENT_SECRET'))
console.log(JSON.stringify(ExtractJwt.fromAuthHeaderAsBearerToken()))
super({
secretorKey:
passportJwtSecret({
cache: true,issuer : "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_XXXX",audience: "client_id12344"
});
}
现在我们使用身份验证保护来保护他们
@ApiTags("Root")
@Get("/lookup")
@UseGuards(AuthGuard("bearer"))
async get() {
return "got the data.."
}
@ApiTags("Root")
@Get("/test")
@UseGuards(AuthGuard("jwt"))
async getSample() {
return "got the data.."
}
不确定为什么 Passport 验证不起作用验证从 Bearer 和 JWT 策略调用的方法。 虽然 Bearer 没有给出错误,但 JWT 抛出“cb: is not a function” nt 完全理解,在 web 中也没有太大帮助。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)