我正在尝试使用我公司的 ADFS 2016 服务器对我的 web 应用程序中的用户进行身份验证。
使用的是 Node.js 和 Express。我能够正确完成身份验证,但没有收到任何用户个人资料信息。我至少需要电子邮件、名字和姓氏。
这是代码的相关部分:
app.get("/login", (req: Request, res: Response) => {
  // Where ADFS sends the browser back once the user has signed in.
  const redirectUri = `http://localhost:${PORT}/redirect`;

  // Authorization-code request. The `resource` value is what the issued
  // access token carries as its `aud`.
  // NOTE(review): no `state` parameter is sent, so the /redirect handler
  // cannot tie the callback to the browser session that started the flow;
  // a random per-session value stored server-side and checked on return
  // would close that gap.
  const authorizeQuery = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: redirectUri,
    resource: "urn:microsoft:userinfo",
    scope: "openid",
  });

  const authorizeUrl = `${AUTHORITY}/oauth2/authorize?${authorizeQuery.toString()}`;
  res.redirect(authorizeUrl);
});
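app.get("/redirect", async (req: Request, res: Response) => {
  // Authorization code handed back by ADFS. `req.query.code` can be a
  // string, an array or a nested object depending on how the query string
  // was written; only a single non-empty string is a usable code.
  const code = req.query.code;
  if (typeof code !== "string" || code.length === 0) {
    res.status(400).send("Missing authorization code");
    return;
  }

  // Token request body, built as URLSearchParams so the wire format is
  // application/x-www-form-urlencoded regardless of how the installed
  // axios version serialises plain objects.
  const tokenRequest = new URLSearchParams({
    client_id: CLIENT_ID,
    client_secret: CLIENT_SECRET,
    grant_type: "authorization_code",
    code,
    redirect_uri: `http://localhost:${PORT}/redirect`,
  });

  try {
    const tokenResponse = await axios.post(TOKEN_ENDPOINT, tokenRequest, {
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
    });
    const accessToken: string = tokenResponse.data.access_token;

    // Profile lookup. In this deployment the endpoint answers with `sub`
    // only; whatever it returns is echoed back below.
    const userInfo = await axios.get(USERINFO_ENDPOINT, {
      headers: { Authorization: `Bearer ${accessToken}` },
    });

    // Sent as text/plain: the payload originates from the identity provider
    // and must not be interpreted as markup by the browser.
    res
      .type("text/plain")
      .send("Authenticated successfully:" + JSON.stringify(userInfo.data, null, 2));
  } catch (error: unknown) {
    // Log the message only: a full axios error object includes the request
    // config — and with it `client_secret` — plus any partial token response.
    console.error(
      "Error occurred during authentication:",
      error instanceof Error ? error.message : String(error)
    );
    res.status(500).send("Failed to authenticate");
  }
});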
app.listen(PORT, () => {
  // Startup banner; the URL is the same origin used for the redirect URI.
  const baseUrl = `http://localhost:${PORT}`;
  console.log(`Server is running on ${baseUrl}`);
});
目前返回的token有以下属性:
{
"aud": "urn:microsoft:userinfo",
"iss": "http://******/adfs/services/trust",
"iat": 1709024014,
"exp": 1709027614,
"apptype": "Confidential",
"appid": "********",
"authmethod": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"auth_time": "2024-02-27T07:02:54.533Z",
"ver": "1.0",
"scp": "openid",
"sub": "*******"
}
并且 userInfo 对象只包含一个
sub
属性。
{ "sub": "**********" }
我需要更改什么才能请求这些信息?
ADFS 被硬编码为仅返回用户信息的“sub”。
您无法添加其他属性。
最后,也不需要再调用 USERINFO_ENDPOINT。
一切都包含在
accessToken
中。
问题出在 resource: "urn:microsoft:userinfo" 这个属性上。删除它之后就能获取电子邮件、名字和姓氏。
app.get("/login", (req: Request, res: Response) => {
  // Where ADFS sends the browser back once the user has signed in.
  const redirectUri = `${DOMAIN}/redirect`;

  // Authorization-code request without a `resource` parameter, so the
  // issued token is not scoped to the userinfo audience.
  // NOTE(review): no `state` parameter is sent, so the /redirect handler
  // cannot tie the callback to the browser session that started the flow;
  // a random per-session value stored server-side and checked on return
  // would close that gap.
  const authorizeQuery = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: redirectUri,
    scope: "openid",
  });

  const authorizeUrl = `${AUTHORITY}/oauth2/authorize?${authorizeQuery.toString()}`;
  res.redirect(authorizeUrl);
});
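app.get("/redirect", async (req: Request, res: Response) => {
  // Authorization code handed back by ADFS. `req.query.code` can be a
  // string, an array or a nested object depending on how the query string
  // was written; only a single non-empty string is a usable code.
  const code = req.query.code;
  if (typeof code !== "string" || code.length === 0) {
    res.status(400).send("Missing authorization code");
    return;
  }

  // Token request body, built as URLSearchParams so the wire format is
  // application/x-www-form-urlencoded regardless of how the installed
  // axios version serialises plain objects.
  const tokenRequest = new URLSearchParams({
    client_id: CLIENT_ID,
    client_secret: CLIENT_SECRET,
    grant_type: "authorization_code",
    code,
    redirect_uri: `${DOMAIN}/redirect`,
  });

  try {
    const tokenResponse = await axios.post(TOKEN_ENDPOINT, tokenRequest, {
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
    });
    const accessToken: string = tokenResponse.data.access_token;

    // ValidateToken is defined elsewhere in the project. The claims read
    // below are only trustworthy if it verifies the signature, `iss`, `aud`
    // and `exp` before decoding — confirm that, since a bare decode accepts
    // any token-shaped string. With scope=openid the same token response
    // normally also carries an `id_token`, which is the conventional source
    // of user-identity claims; verify which token your ValidateToken expects.
    const decodedToken = ValidateToken(accessToken);

    // Sent as text/plain: the claim values originate from the identity
    // provider and must not be interpreted as markup by the browser.
    const greeting = `Welcome ${decodedToken.unique_name} ${decodedToken.family_name} ${decodedToken.primarysid}`;
    res.type("text/plain").send(greeting);
  } catch (error: unknown) {
    // Log the message only: a full axios error object includes the request
    // config — and with it `client_secret` — plus any partial token response.
    console.error(
      "Error occurred during authentication:",
      error instanceof Error ? error.message : String(error)
    );
    res.status(500).send("Failed to authenticate");
  }
});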
以下是 token 的接口定义,供参考:
/**
 * Claims carried by the access token ADFS issues in this setup.
 *
 * NOTE(review): which directory attribute lands in `family_name`,
 * `primarysid` and `unique_name` is decided by the ADFS issuance transform
 * rules, not by the claim name itself — the meanings noted below are what
 * this deployment observed; confirm against the server's rules.
 */
interface AdfsJwt {
  // --- standard JWT claims ---
  /** Audience the token was issued for. */
  aud: string;
  /** Issuer URL of the ADFS trust service. */
  iss: string;
  /** Issued-at time (seconds since epoch). */
  iat: number;
  /** Expiry time (seconds since epoch). */
  exp: number;

  // --- ADFS-specific claims ---
  /** Application type, e.g. "Confidential". */
  apptype: string;
  /** Client (application) identifier. */
  appid: string;
  /** Authentication method URI used for sign-in. */
  authmethod: string;
  /** Time of authentication as an ISO-8601 string. */
  auth_time: string;
  /** Token format version. */
  ver: string;
  /** Granted scopes, space-separated. */
  scp: string;

  // --- identity claims (only present without the userinfo resource) ---
  /** Observed as the user's last name. */
  family_name: string;
  /** Observed as the user's email. */
  primarysid: string;
  /** Observed as the user's first name. */
  unique_name: string;
}