配置 express 的认证中间件 passport

const{ Strategy } = require('openid-client');
const passport = require('passport');

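/**
 * Register an OpenID Connect strategy named 'open-id' on the shared passport
 * instance and return that instance.
 *
 * @param {object} client - Passed through to the openid-client Strategy as `client`.
 * @param {object} params - Passed through to the openid-client Strategy as `params`.
 * @returns {object} The passport module, with the strategy and the session
 *   (de)serializers installed.
 */
function openidPassport(client, params) {
  // NOTE(review): the user object is stored in the session unchanged, and the
  // verify callback below attaches the tokenset to it. Whoever can read the
  // session store can therefore read the tokens; consider serializing only a
  // user identifier and loading the rest in deserializeUser.
  passport.serializeUser((user, done) => {
    done(null, user);
  });
  passport.deserializeUser((user, done) => {
    done(null, user);
  });

  const verify = async (tokenset, userinfo, done) => {
    try {
      // (further steps are elided in the original listing)

      // The tokenset, access_token and id_token are deliberately not logged:
      // they are bearer credentials, and userinfo is personal data. Application
      // logs usually have a wider audience and longer retention than either
      // should get.

      // Await the lookup: with a promise-returning findOne, the un-awaited
      // value is always truthy, so the not-found branch would never run and
      // every user the OP authenticates would be accepted.
      // NOTE(review): accounts are matched on the OP-supplied email alone.
      // Presumably the OP is trusted to verify addresses; confirm that, or
      // check the `email_verified` claim / match on `sub` instead.
      const user = await User.findOne({ email: userinfo.email });
      if (!user) return done(null, false, { message: 'Not Found.' });
      user.tokenset = tokenset;

      return done(null, user);
    } catch (error) {
      // Kept as in the original: any exception is reported as a failed login.
      // NOTE(review): error.message may expose internal details if the info
      // object is shown to the end user.
      return done(null, false, { message: error.message });
    }
  };

  passport.use('open-id', new Strategy({ client, params }, verify));
  return passport;
}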

tokenset:从 OP 获得的各种令牌,包括 access_token、refresh_token、id_token。这些令牌属于敏感凭据,不应写入日志。

userinfo:从 OP 获得的用户信息,具体范围可以通过上一步骤的 params 中的 scope 进行控制。
