现在我正在寻找使用Ember-cli作为我的前端,我需要使用OpenID Connect进行身份验证和授权。
有人做过这样的事吗?到目前为止我找不到任何例子。我遇到了'ember-cli-simple-auth','ember-cli-simple-auth-oauth2','ember-cli-simple-auth-token'。
我猜我应该使用'ember-cli-simple-token'?有没人试过这个?如果是这样你能指出我的任何例子/阅读资源?
更新:(7月15日15日)我一直在研究'torii'特别是'ember-cli-torii-azure-provider'。我可以获得授权代码,但没有Id_Token(我猜它是因为它没有要求Azure AD用于Id_Token),看起来我需要考虑编写一个新的torii提供程序。根据Torii文档,
Torii将在Ember应用程序容器中查找提供程序,因此如果您按常规命名它们(将它们放在app / torii-providers目录中),则在使用ember-cli或ember app kit时它们将自动可用。
这是不是意味着,在我的ember-cli项目中,我需要创建'torii-providers'文件夹并创建新的提供者?让我们说'torii-azure-openidconnect.js'?
更新:
我正在尝试为AzureAD OpenID Connect创建自定义Torii提供程序。
我收到了“错误:来自提供者的响应缺少这些必需的响应参数:id_token”
这是我的自定义提供者:
import Ember from 'ember';
import Oauth2 from 'torii/providers/oauth2-code';
import {configurable} from 'torii/configuration';
var computed = Ember.computed;
/**
* This class implements authentication against AzureAD
* using the OAuth2 authorization flow in a popup window.
* @class
*/
export default Oauth2.extend({
name: 'azure-ad-oidc',
baseUrl: computed(function() {
return 'https://login.windows.net/' + this.get('tennantId') + '/oauth2/authorize';
}),
tennantId: configurable('tennantId', 'common'),
// additional url params that this provider requires
requiredUrlParams: ['api-version','response_mode', 'nonce'],
optionalUrlParams: ['scope'],
responseMode: configurable('responseMode', null),
responseParams: computed(function () {
return [ this.get('responseType') ];
}),
state: 'STATE',
apiVersion: '1.0',
nonce : configurable('nonce', null),
responseType: configurable('responseType', 'null'),
redirectUri: configurable('redirectUri', function(){
// A hack that allows redirectUri to be configurable
// but default to the superclass
return this._super();
}),
open: function(){
var name = this.get('name'),
url = this.buildUrl(),
redirectUri = this.get('redirectUri'),
responseParams = this.get('responseParams'),
responseType = this.get('responseType'),
state = this.get('state'),
shouldCheckState = responseParams.indexOf('state') !== -1;
return this.get('popup').open(url, responseParams).then(function(authData){
var missingResponseParams = [];
responseParams.forEach(function(param){
if (authData[param] === undefined) {
missingResponseParams.push(param);
}
});
if (missingResponseParams.length){
throw new Error("The response from the provider is missing " +
"these required response params: " + missingResponseParams.join(', '));
}
if (shouldCheckState && authData.state !== state) {
throw new Error('The response from the provider has an incorrect ' +
'session state param: should be "' + state + '", ' +
'but is "' + authData.state + '"');
}
return {
authorizationCode: authData[responseType],
provider: name,
redirectUri: redirectUri
};
});
}
});
configuration.js
torii: {
sessionServiceName: 'toriiSession',
providers: {
'azure-ad-oidc' :{
tennantId : 'tenant id',
client_id : 'client_id',
redirectUri : 'http://localhost:4200',
nonce : 'my_nonce',
responseMode : 'form_post',
responseType : 'id_token',
scope : 'openid',
apiKey : ''
}
}
},
路线/ application.js中
import Ember from 'ember';
export default Ember.Route.extend({
actions: {
azureLogin: function() {
this.get('torii').open('azure-ad-oidc').then(function(data) {
var authCode = this.get('toriiSession.authorizationCode');
console.log(authCode);
});
}
}
});
无法锻炼如何解决这个问题..我错过了什么?
请参阅ember-simple-auth-oidc,它实现了OpenID Connect的授权代码流程并与ember-simple-auth集成。
(我意识到很久以前就已经问过这个问题了,但也许它可以帮助将来遇到这个问题的人)