问题描述
我正在使用node-oidc-provider(v6.29.3)库来构建简单的OIDC Connect模拟服务,并且在尝试将提供程序安装到特定的mountPath时遇到问题。如果将其安装在/上,一切正常,但是尝试安装在/oidc上却无法正常工作,因为node-oidc-provider的内部忽略了mountPath。
我的设置大致如下:
const path = require('path')
const express = require('express')
const { Provider } = require('oidc-provider')
const configuration = require('src/utils/oidc')
const Account = require('src/account')
configuration.findAccount = Account.findAccount
const app = express()
app.set('views',path.join(__dirname,'..','views'))
app.set('view engine','ejs')
const mountPath = '/oidc'
const issuer = 'http://localhost:3000' + mountPath
const provider = new Provider(issuer,configuration)
app.use(mountPath,provider.callback)
app.listen(3000).then(() => {
console.log('started')
})
我能够连接到http://localhost:3000/oidc/.well-kNown/openid-configuration并接收
{
"authorization_endpoint":"http://localhost:3000/oidc/auth","device_authorization_endpoint":"http://localhost:3000/oidc/device/auth","claims_parameter_supported":false,"claims_supported":[
"sub","email","givenname","surname","memberOf","publishers","sid","auth_time","iss"
],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"http://localhost:3000/oidc/session/end","grant_types_supported":[
"implicit","authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:device_code"
],"id_token_signing_alg_values_supported":["HS256","PS256","RS256","ES256"],"issuer":"http://localhost:3000/oidc","jwks_uri":"http://localhost:3000/oidc/jwks","response_modes_supported":["form_post","fragment","query"],"response_types_supported":["code id_token","code","id_token","none"],"scopes_supported":["openid","offline_access","profile"],"subject_types_supported":["public"],"token_endpoint_auth_methods_supported":[
"none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt"
],"token_endpoint_auth_signing_alg_values_supported":["HS256","ES256","EdDSA"],"token_endpoint":"http://localhost:3000/oidc/token","request_object_signing_alg_values_supported":["HS256","request_parameter_supported":false,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"userinfo_endpoint":"http://localhost:3000/oidc/me","userinfo_signing_alg_values_supported":["HS256","introspection_endpoint":"http://localhost:3000/oidc/token/introspection","introspection_endpoint_auth_methods_supported":[
"none","introspection_endpoint_auth_signing_alg_values_supported":["HS256","revocation_endpoint":"http://localhost:3000/oidc/token/revocation","revocation_endpoint_auth_methods_supported":[
"none","revocation_endpoint_auth_signing_alg_values_supported":["HS256","claim_types_supported":["normal"]
}
GET /oidc/auth
但是,在内部,它重定向到:
GET /interaction/znBzRfhyoBTCg1cFcLult
我需要内部重定向才能进入
GET /oidc/interaction/znBzRfhyoBTCg1cFcLult
如何告诉OIDC提供者通过给定的mountPath而不是/进行重定向?
解决方法
您将必须配置interactions.url帮助器。有关更多详细信息,请参见documentation。
以后,您将必须建立自己的最终用户交互,并且无论如何都要使用它来配置此帮助程序。