const https = require('https'); export async function GetUserinfo(Token) { console.log(process.env["NODE_TLS_REJECT_UNAUTHORIZED"]) process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0; console.log(process.env["NODE_TLS_REJECT_UNAUTHORIZED"]) const baseURL = 'https://openid.hydra:9001'; const userinfoURL = '/userinfo'; axios({ method: 'get', headers: { 'Authorization': 'Bearer ' + Token, 'accept': 'application/json' }, httpsAgent: new https.Agent({ rejectUnauthorized: false, ecdhCurve: 'auto' }), url: userinfoURL, baseURL: baseURL, responseType: 'json' }).then(function (response) { process.env[“NODE_TLS_REJECT_UNAUTHORIZED”] = 0; No Need, No mean
Error: `self signed certificate` — Answer: `rejectUnauthorized: false,` (note: this disables TLS certificate verification for the request, as setting `NODE_TLS_REJECT_UNAUTHORIZED=0` does for the whole process; outside local development, prefer passing the self-signed CA certificate via the agent's `ca` option so verification stays on).
HTTPS requests to the API fail: `sslv3 alert handshake failure` — Answer: `ecdhCurve: 'auto'`
https://github.com/panva/node-openid-client/tree/v2.x
Important! WARNING: Node.js 12 or higher is required for openid-client@3 and above. For older Node.js versions use openid-client@2, so see https://github.com/panva/node-openid-client/tree/v2.x
Node.js package used: `"openid-client": "2.5.0",`
client.authorizationCallback has a bug: a nonce mismatch error always occurs (see https://github.com/panva/node-openid-client/issues/150). The correct way is shown in https://github.com/panva/node-openid-client/blob/f1b4282ac50f7e15fc195f66bf76409af4ec4b6b/lib/client.js
see `if (params.code) {` — from this branch you can tell which grant is used
https://github.com/panva/node-openid-client/tree/v2.x#custom-token-endpoint-grants
const hydraconfig= { "oidurl": "https://openid.hydra:9001", "redirectUri": "https://t.tt:9010/callback", "clientid": "auth-code-client", "clientsecretid": "secret" } //openid-client================ const { Issuer } = require('openid-client') const hydraIssuer = await Issuer.
console.log('show value string, object %s %O', var.string, var.object);
In earlier posts about Hydra, the access token was obtained in Go with HydraOauthConfig.Exchange(ctx, code), which is the easy way. But on a front-end website (Vue or another framework), how do you get the access token?
Use REST Client to test: POST https://openid.hydra:9001/oauth2/token Authorization: Basic YXV0aC1jb2RlLWNsaWVudDpzZWNyZXQ= Content-Type: application/x-www-form-urlencoded grant_type=authorization_code &code=cuNw76aEuckIJJyVssk2LJvqdLXffT-8Kx1s0tYFt6Y.v0Dxc2_yT9ga8c2moKx0fDbwRFVgwryAt5BJM7lOJlM #&redirect_uri=https://certfront/oid/test/callback #&scope=openid,offline #&client_id=auth-code-client #&code_verifier= #&state=gczxkznmjkrksgytsemvwgkf Important: the header is `Authorization: Basic` (see https://github.com/ory/hydra/issues/631),
not `Authorization: Bearer`.
The value is base64(urlencode(client_id) + ":" + urlencode(client_secret)); for example, YXV0aC1jb2RlLWNsaWVudDpzZWNyZXQ= decodes to auth-code-client:secret
`code` is the authorization code delivered to the callback: when the login-consent step finishes, the browser is redirected to the callback URL you configured, with the code attached.
https://peach.ebu.io/technical/tutorials/tuto-oauth2-client/
https://www.pveller.com/oauth2-with-passport-10-steps-recipe/
http://www.hitotec.com/authentification-oauth-avec-passportjs-pour-une-api-rest/
https://www.shangyang.me/2018/03/11/javascript-nodejs-passport-04-deepinto-oauth2-authenticate-process/
https://blog.yorkxin.org/2013/09/30/oauth2-4-1-auth-code-grant-flow.html
https://blog.miniasp.com/post/2019/02/25/Creating-Self-signed-Certificate-using-OpenSSL
目前這個方式比較靠譜
建立 ssl.conf 設定檔
[req] prompt = no default_md = sha256 default_bits = 2048 distinguished_name = dn x509_extensions = v3_req [dn] C = TW ST = Taiwan L = Taipei O = Duotify Inc. OU = IT Department emailAddress = admin@example.com CN = localhost [v3_req] subjectAltName = @alt_names [alt_names] DNS.1 = *.localhost DNS.2 = localhost DNS.3 = 192.168.2.100 openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout server.
https://www.ory.sh/docs/hydra/integration#interacting-with-oauth-20
https://github.com/lelylan/simple-oauth2
https://www.jianshu.com/p/5cf2b7a45b75