我正在尝试将其本地护照策略替换为passport-openidconnect策略。
问题是,我想保留我的自定义登录界面,而无需重定向到OIDC身份验证器网站进行身份验证。
本地护照策略如下所示,如果我在登录页面上单击登录,则可以使用:
export const loginStrategy = new LocalStrategy({
usernameField: 'email',
passwordField: 'password',
session: false,
passReqToCallback: true,
}, (req, email, password, done) => {
const userData = {
email: email.trim(),
password: password.trim(),
};
if ( !userData.email || !userData.password ) {
const error = new Error('Missing credential inputs');
return done(error);
}
return UserModel.findOne({ email:userData.email }, (err, user) => {
if (err) return done(err);
if (!user) {
const error = new Error('Incorrect email or password');
return done(error);
}
return user.comparePassword(userData.password, (pwErr, isMatch) => {
if (err) return done(err);
if (!isMatch) {
const error = new Error('Incorrect email or password');
return done(error);
}
const payload = { sub: user._id };
const token = jwt.sign(payload, jwtSecret);
const data = {
username: user.username,
email: user.email,
fullname: user.fullname,
role: user.role,
affiliate: user.affiliate,
};
return done(null, token, data);
});
});
});
我的openid-connect策略看起来像这样:
export const loginStrategy = new OidcStrategy({
issuer: 'https://okta.com/oauth2/default',
authorizationURL: 'https://okta.com/oauth2/default/v1/authorize',
tokenURL: 'https://okta.com/oauth2/default/v1/token',
userInfoURL: 'https://okta.com/oauth2/default/v1/userinfo',
clientID: 'bar',
clientSecret: 'foo',
callbackURL: 'http://localhost:8300/authorization-code/callback',
scope: 'openid profile email',
}, (issuer, sub, profile, accessToken, refreshToken, done) => {
// console.log(sub);
const token = accessToken;
const data = {
username: profile._json.given_name,
email: profile._json.email,
fullname: profile._json.name,
role: profile._json.user,
affiliate: profile._json.affiliate,
};
// console.log(data);
return done(null, token, data);
});
有什么办法可以保留我的自定义登录屏幕并向ist添加开放ID连接身份验证?
更好的方法是在OIDC Authenticator提供者的网站上创建自定义登录主题。