我已将 auth0 集成到 remix.run 应用程序中,现在尝试保存登录时发出的访问令牌:
import { createCookieSessionStorage } from "@remix-run/node";
import { getOrThrow } from "~/utils/env";
export const sessionStorage = createCookieSessionStorage({
cookie: {
name: "_session", // use any name you want here
sameSite: "lax", // this helps with CSRF
path: "/", // remember to add this so the cookie will work in all routes
httpOnly: true, // for security reasons, make this cookie http only
secrets: [getOrThrow("SERVER_SESSION_SECRET")], // replace this with an actual secret
secure: process.env.NODE_ENV === "production", // enable this in prod only
},
});
const { getSession, commitSession, destroySession } = sessionStorage;
let auth0Strategy = new Auth0Strategy(
{
callbackURL: getOrThrow("AUTH0_CALLBACK_URL"),
clientID: getOrThrow("AUTH0_CLIENT_ID"),
clientSecret: getOrThrow("AUTH0_CLIENT_SECRET"),
domain: getOrThrow("AUTH0_DOMAIN"),
},
async ({ profile, accessToken, refreshToken, request }) => {
const user: User = {
.....
// Convert `profile: Auth0Profile` to my data type
}
const session = await getSession(request.headers.get("Cookie"));
session.set("accessToken", accessToken)
session.set("refreshToken", refreshToken)
const cookie = await commitSession(session);
// HERE: `cookie` contains new cookie with my data
return user;
}
);
关于代码中标记为“HERE”的地方,我有几个问题:
如何从这里推广到实际会议?它不是一个动作或加载器,我不能从这里抛出重定向。
我不喜欢将敏感数据发送到 cookie,即使它是加密的。您能否推荐演示如何仅在服务器上保留特殊“会话”的示例?
Remix 除了 cookie 之外还提供了额外的会话存储策略:内存、文件、Cloudflare Workers KV 等。
例如,您还可以创建自定义会话策略以将会话数据存储在数据库或 Redis 中。