我使用aws-amplify,如下所示,
Amplify.configure({
Auth: {
region: config.aws.region,
identityPoolRegion: config.aws.region,
userPoolId: process.env.userPoolId,
userPoolWebClientId: process.env.appClientId,
oauth: {
domain: process.env.domain,
// scope: ['phone', 'email', 'profile', 'openid', 'aws.cognito.signin.user.admin'],
redirectSignIn: `${process.env.redirectSignIn}`,
redirectSignOut: process.env.redirectSignout,
responseType: code // NOTE: It was set to 'token' earlier and I used to get accessToken/IDToken back but refreshToken was empty
}
}
});
如您所见,
responseTypetokenrefreshtoken我想生成
refershToken要获得
refreshtokenresponseTypecode我如何调用oauth2端点(responseType = code)
const azureLogin = () => {
window.location.href = `https://${process.env.domain}/oauth2/authorize?identity_provider=${process.env.identityProviderName}&redirect_uri=${process.env.redirectSignIn}&response_type=${process.env.responseType}&client_id=${process.env.appClientId}&scope=aws.cognito.signin.user.admin+email+openid+phone+profile`;
};
从我的应用程序中,每当我(SSO)登录时,它都会执行以下操作,
浏览器的 URL 更改为某些内容 :
https://login.microsoftonline.com/62xxx-7x-4xxxf50-axx7-fxxx692/saml2?SAMLRequest=fZJbS8MwF********************
然后它变成,
http://localhost:3000/auth/redirect?code=bccxxx-exx-4xx-8x-9xxxxxx
我得到了代码,但我不知道应该如何处理该代码。如何使用这段代码获取accessToken、IdToken和refreshToken?
有人可以帮我处理流程吗?
PS:我也检查了AWS-amplify文档,但流程不清楚。最重要的是,没有可用的示例可以帮助我。
完成上述设置后,您就开始获取代码了。
获取代码后,您可以通过发出HTTP POST请求来获取令牌,如下,
const getToken= (code: string) => {
const requestOptions = {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
body: new URLSearchParams({
grant_type: 'authorization_code',
code: `${code}`,
client_id: `${process.env.appClientId}`,
client_secret: `${process.env.secretHash}`,
redirect_uri: `${process.env.redirectSignIn}`
})
};
return fetch(`https://${process.env.domain}/oauth2/token`, requestOptions);
}
作为响应,您成功获得所有令牌。