如何使用ExpressJS在mountPath上安装node-oidc-provider?

问题描述

我正在使用node-oidc-provider(v6.29.3)库来构建简单的OIDC Connect模拟服务,并且在尝试将提供程序安装到特定的mountPath时遇到问题。如果将其安装在/上,一切正常,但是尝试安装在/oidc上却无法正常工作,因为node-oidc-provider的内部忽略了mountPath。

我的设置大致如下:

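const path = require('path')
const express = require('express')
const { Provider } = require('oidc-provider')

// NOTE(review): these are bare (non-relative) specifiers, so they resolve from
// node_modules / NODE_PATH rather than from this file's directory — confirm that
// is the intended module resolution for the project.
const configuration = require('src/utils/oidc')
const Account = require('src/account')

configuration.findAccount = Account.findAccount
const app = express()

app.set('views', path.join(__dirname, '..', 'views'))
app.set('view engine', 'ejs')

// The provider is mounted below the app root. The issuer must be the externally
// visible base URL *including* the mount path: it is what the discovery document
// advertises and what relying parties compare against the `iss` claim, so a
// mismatch makes every issued token fail validation on the client side.
const mountPath = '/oidc'
const issuer = `http://localhost:3000${mountPath}`

// Express prefixes the routes served through provider.callback, but the redirect
// to the interaction page is built by the provider itself and does not know about
// the mount, so the interactions.url helper has to add the prefix explicitly.
configuration.interactions = {
  ...configuration.interactions,
  url(ctx, interaction) {
    return `${mountPath}/interaction/${interaction.uid}`
  },
}

const provider = new Provider(issuer, configuration)
app.use(mountPath, provider.callback)

// app.listen() returns an http.Server, not a Promise, so chaining .then() on it
// throws at start-up; the "listening" callback is the supported way to log here.
app.listen(3000, () => {
  console.log('started')
})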

我能够连接到http://localhost:3000/oidc/.well-known/openid-configuration并接收到:

{
  "authorization_endpoint":"http://localhost:3000/oidc/auth","device_authorization_endpoint":"http://localhost:3000/oidc/device/auth","claims_parameter_supported":false,"claims_supported":[
    "sub","email","givenname","surname","memberOf","publishers","sid","auth_time","iss"
  ],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"http://localhost:3000/oidc/session/end","grant_types_supported":[
    "implicit","authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:device_code"
  ],"id_token_signing_alg_values_supported":["HS256","PS256","RS256","ES256"],"issuer":"http://localhost:3000/oidc","jwks_uri":"http://localhost:3000/oidc/jwks","response_modes_supported":["form_post","fragment","query"],"response_types_supported":["code id_token","code","id_token","none"],"scopes_supported":["openid","offline_access","profile"],"subject_types_supported":["public"],"token_endpoint_auth_methods_supported":[
    "none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt"
  ],"token_endpoint_auth_signing_alg_values_supported":["HS256","ES256","EdDSA"],"token_endpoint":"http://localhost:3000/oidc/token","request_object_signing_alg_values_supported":["HS256","request_parameter_supported":false,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"userinfo_endpoint":"http://localhost:3000/oidc/me","userinfo_signing_alg_values_supported":["HS256","introspection_endpoint":"http://localhost:3000/oidc/token/introspection","introspection_endpoint_auth_methods_supported":[
    "none","introspection_endpoint_auth_signing_alg_values_supported":["HS256","revocation_endpoint":"http://localhost:3000/oidc/token/revocation","revocation_endpoint_auth_methods_supported":[
    "none","revocation_endpoint_auth_signing_alg_values_supported":["HS256","claim_types_supported":["normal"]
}

使用一个简单的测试,登录后我的日志(正确地)显示:

GET /oidc/auth

但是,在内部,它重定向到:

GET /interaction/znBzRfhyoBTCg1cFcLult

我需要内部重定向才能进入

GET /oidc/interaction/znBzRfhyoBTCg1cFcLult

如何告诉OIDC提供者通过给定的mountPath(而不是/)进行重定向?

解决方法

您必须配置interactions.url辅助函数。有关更多详细信息,请参阅文档。

之后,您无论如何都必须构建自己的最终用户交互,并使用它来配置此辅助函数。