https://github.com/panva/node-openid-client/tree/v2.x
Important! WARNING: Node.js 12 or higher is required for openid-client@3 and above. For older Node.js versions use openid-client@2. So watch https://github.com/panva/node-openid-client/tree/v2.x
node.js package use “openid-client”: “2.5.0”,
client.authorizationCallback have bug, nonce mismatch always have this error even see https://github.com/panva/node-openid-client/issues/150 Correct way https://github.com/panva/node-openid-client/blob/f1b4282ac50f7e15fc195f66bf76409af4ec4b6b/lib/client.js
see if (params.code) { Can know use grant
https://github.com/panva/node-openid-client/tree/v2.x#custom-token-endpoint-grants
const hydraconfig= { "oidurl": "https://openid.hydra:9001", "redirectUri": "https://t.tt:9010/callback", "clientid": "auth-code-client", "clientsecretid": "secret" } //openid-client================ const { Issuer } = require('openid-client') const hydraIssuer = await Issuer.
Before posts about Hydra get access token is use golang HydraOauthConfig.Exchange(ctx, code). This is easy way. But on front website like vue or other framework how to get access token.
Use REST Client to test POST https://openid.hydra:9001/oauth2/token Authorization: Basic YXV0aC1jb2RlLWNsaWVudDpzZWNyZXQ= Content-Type: application/x-www-form-urlencoded grant_type=authorization_code &code=cuNw76aEuckIJJyVssk2LJvqdLXffT-8Kx1s0tYFt6Y.v0Dxc2_yT9ga8c2moKx0fDbwRFVgwryAt5BJM7lOJlM #&redirect_uri=https://certfront/oid/test/callback #&scope=openid,offline #&client_id=auth-code-client #&code_verifier= #&state=gczxkznmjkrksgytsemvwgkf Import is: Authorization: Basic https://github.com/ory/hydra/issues/631
Not Authorization: Bearer
base64(urlencode(client_id):urlencode(client_secret)) YXV0aC1jb2RlLWNsaWVudDpzZWNyZXQ= => auth-code-client:secret
code is callback code. When you login-consent finish step then callback to your set callback URL.
https://blog.miniasp.com/post/2019/02/25/Creating-Self-signed-Certificate-using-OpenSSL
目前這個方式比較靠普
建立 ssl.conf 設定檔
[req] prompt = no default_md = sha256 default_bits = 2048 distinguished_name = dn x509_extensions = v3_req [dn] C = TW ST = Taiwan L = Taipei O = Duotify Inc. OU = IT Department emailAddress = admin@example.com CN = localhost [v3_req] subjectAltName = @alt_names [alt_names] DNS.1 = *.localhost DNS.2 = localhost DNS.3 = 192.168.2.100 openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout server.
docker-compose version: '3.3' services: ory-hydra-postgres: image: postgres:9.6 #restart: always environment: - POSTGRES_USER=hydra - POSTGRES_PASSWORD=secret - POSTGRES_DB=hydra volumes: - hydradata:/var/lib/postgresql/data:rw networks: - openid # 第一次執行postgres要做資料庫格式建立 PS: network依佈屬環境為主 docker network ls 確認 # docker run -it --rm \ # --network openid \ # oryd/hydra:latest \ # migrate sql --yes postgres://hydra:secret@ory-hydra-postgres:5432/hydra?sslmode=disable ory-hydra: image: oryd/hydra:latest restart: unless-stopped ports: - "9001:4444" - "9002:4445" environment: - SECRETS_SYSTEM=this_needs_to_be_the_same_a - DSN=postgres://hydra:secret@ory-hydra-postgres:5432/hydra?sslmode=disable - URLS_SELF_ISSUER=https://openid.hydra:9001/ - URLS_CONSENT=http://192.168.99.100:9020/consent - URLS_LOGIN=http://192.168.99.100:9020/login - LOG_LEVEL=debug - OAUTH2_EXPOSE_INTERNAL_ERRORS=true - SERVE_PUBLIC_CORS_ENABLED=true - SERVE_PUBLIC_CORS_ALLOWED_METHODS=POST,GET,PUT,DELETE - SERVE_ADMIN_CORS_ENABLED=true - SERVE_ADMIN_CORS_ALLOWED_METHODS=POST,GET,PUT,DELETE - SERVE_TLS_KEY_BASE64=LS0tLS1CRUdJTiBFQyBQQVJBTUVURVJTLS0tLS0KQmdVcmdRUUFJZz09Ci0tLS0tRU5EIEVDIFBBUkFNRVRFUlMtLS0tLQotLS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KTUlHa0FnRUJCRENLbkdnVnFJVzdZaW5iUWV5UEd5UTQ0R3U2VVFEelU5SENLYjMzTWlmeFJYRTBkbnU2KzdadQowdEJUcUhQRHVMeWdCd1lGSzRFRUFDS2haQU5pQUFSbng1Nk9jeGNyRWRsYmU4TXRSdUVxWGV2OEREcmh6ZWJGCjM4NlI4Q2RQWDRlUWI2Zll6ekFUL3V3STBsTDdvRmlEWEM3Q0JLWmZUcTdFSzN4TzNXWlpSSjJrMEQ3TnNLd2cKVEpZenJxT0JpczBNeGtva2FUWVVyemhKMXBKY3lmWT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= - SERVE_TLS_CERT_BASE64=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNQVENDQWNLZ0F3SUJBZ0lKQU13RjRiVDRvSnh0TUFvR0NDcUdTTTQ5QkFNQ01Gd3hDekFKQmdOVkJBWVQKQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbgphWFJ6SUZCMGVTQk1kR1F4RlRBVEJnTlZCQU1NREc5d1pXNXBaQzVvZVdSeVlUQWVGdzB4T1RBMk1UY3dNVEl4Ck16ZGFGdzB5T1RBMk1UUXdNVEl4TXpkYU1Gd3hDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWwKTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXhGVEFUQmdOVgpCQU1NREc5d1pXNXBaQzVvZVdSeVlUQjJNQkFHQnlxR1NNNDlBZ0VHQlN1QkJBQWlBMklBQkdmSG5vNXpGeXNSCjJWdDd3eTFHNFNwZDYvd01PdUhONXNYZnpwSHdKMDlmaDVCdnA5alBNQlArN0FqU1V2dWdXSU5jTHNJRXBsOU8KcnNRcmZFN2RabGxFbmFUUVBzMndyQ0JNbGpPdW80R0t6UXpHU2lScE5oU3ZPRW5Xa2x6SjlxTlFNRTR3SFFZRApWUjBPQkJZRUZHK3Z6ZkIxYmVnM1VadEpYRXZWOWRNa1hvNmdNQjhHQTFVZEl3UVlNQmFBRkcrdnpmQjFiZWczClVadEpYRXZWOWRNa1hvNmdNQXdHQTFVZEV3UUZNQU1CQWY4d0NnWUlLb1pJemowRUF3SURhUUF3WmdJeEFMUHYKODZFSFRUVElLcEJHdlQrY2NWN3djSC84SFIrc2xhZC9ZUFhLUlZwd2RDbzUyZVRPV3BDS2dGamtHNEJhd1FJeApBTGxGZFgwbEk2ZzhXS3lhRTVmKzJGZEkxYWVqQ0Ftd0xPTTZTRFJhNFVHbitDa2VwOEljeG1CTDIvQmUzSVZ6CjhnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= networks: - openid # 快速建立 auth-doce-client PS: network依佈屬環境為主 docker network ls 確認 #docker run --rm -it \ # -e HYDRA_ADMIN_URL=https://ory-hydra:4445 \ # --network openid \ # oryd/hydra:latest \ # clients create --skip-tls-verify \ # --id auth-code-client \ # --secret secret \ # --grant-types authorization_code,refresh_token \ # --response-types code,id_token,token \ # --scope openid,offline,photos.
docker-compose
version: '3.3' services: ory-hydra-postgres: image: postgres:9.6 #restart: always environment: - POSTGRES_USER=hydra - POSTGRES_PASSWORD=secret - POSTGRES_DB=hydra volumes: - hydradata:/var/lib/postgresql/data:rw networks: - openid # 第一次執行postgres要做資料庫格式建立 PS: network依佈屬環境為主 docker network ls 確認 # docker run -it --rm \ # --network openid \ # oryd/hydra:latest \ # migrate sql --yes postgres://hydra:secret@ory-hydra-postgres:5432/hydra?sslmode=disable ory-hydra: image: oryd/hydra:latest restart: unless-stopped ports: - "9001:4444" - "9002:4445" environment: - SECRETS_SYSTEM=this_needs_to_be_the_same_a - DSN=postgres://hydra:secret@ory-hydra-postgres:5432/hydra?sslmode=disable - URLS_SELF_ISSUER=https://openid.hydra:9001/ - URLS_CONSENT=http://192.168.99.100:9020/consent - URLS_LOGIN=http://192.168.99.100:9020/login - LOG_LEVEL=debug - OAUTH2_EXPOSE_INTERNAL_ERRORS=true - SERVE_PUBLIC_CORS_ENABLED=true - SERVE_PUBLIC_CORS_ALLOWED_METHODS=POST,GET,PUT,DELETE - SERVE_ADMIN_CORS_ENABLED=true - SERVE_ADMIN_CORS_ALLOWED_METHODS=POST,GET,PUT,DELETE - SERVE_TLS_KEY_BASE64=LS0tLS1CRUdJTiBFQyBQQVJBTUVURVJTLS0tLS0KQmdVcmdRUUFJZz09Ci0tLS0tRU5EIEVDIFBBUkFNRVRFUlMtLS0tLQotLS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KTUlHa0FnRUJCRENLbkdnVnFJVzdZaW5iUWV5UEd5UTQ0R3U2VVFEelU5SENLYjMzTWlmeFJYRTBkbnU2KzdadQowdEJUcUhQRHVMeWdCd1lGSzRFRUFDS2haQU5pQUFSbng1Nk9jeGNyRWRsYmU4TXRSdUVxWGV2OEREcmh6ZWJGCjM4NlI4Q2RQWDRlUWI2Zll6ekFUL3V3STBsTDdvRmlEWEM3Q0JLWmZUcTdFSzN4TzNXWlpSSjJrMEQ3TnNLd2cKVEpZenJxT0JpczBNeGtva2FUWVVyemhKMXBKY3lmWT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= - SERVE_TLS_CERT_BASE64=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNQVENDQWNLZ0F3SUJBZ0lKQU13RjRiVDRvSnh0TUFvR0NDcUdTTTQ5QkFNQ01Gd3hDekFKQmdOVkJBWVQKQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbgphWFJ6SUZCMGVTQk1kR1F4RlRBVEJnTlZCQU1NREc5d1pXNXBaQzVvZVdSeVlUQWVGdzB4T1RBMk1UY3dNVEl4Ck16ZGFGdzB5T1RBMk1UUXdNVEl4TXpkYU1Gd3hDekFKQmdOVkJBWVRBa0ZWTVJNd0VRWURWUVFJREFwVGIyMWwKTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbGNtNWxkQ0JYYVdSbmFYUnpJRkIwZVNCTWRHUXhGVEFUQmdOVgpCQU1NREc5d1pXNXBaQzVvZVdSeVlUQjJNQkFHQnlxR1NNNDlBZ0VHQlN1QkJBQWlBMklBQkdmSG5vNXpGeXNSCjJWdDd3eTFHNFNwZDYvd01PdUhONXNYZnpwSHdKMDlmaDVCdnA5alBNQlArN0FqU1V2dWdXSU5jTHNJRXBsOU8KcnNRcmZFN2RabGxFbmFUUVBzMndyQ0JNbGpPdW80R0t6UXpHU2lScE5oU3ZPRW5Xa2x6SjlxTlFNRTR3SFFZRApWUjBPQkJZRUZHK3Z6ZkIxYmVnM1VadEpYRXZWOWRNa1hvNmdNQjhHQTFVZEl3UVlNQmFBRkcrdnpmQjFiZWczClVadEpYRXZWOWRNa1hvNmdNQXdHQTFVZEV3UUZNQU1CQWY4d0NnWUlLb1pJemowRUF3SURhUUF3WmdJeEFMUHYKODZFSFRUVElLcEJHdlQrY2NWN3djSC84SFIrc2xhZC9ZUFhLUlZwd2RDbzUyZVRPV3BDS2dGamtHNEJhd1FJeApBTGxGZFgwbEk2ZzhXS3lhRTVmKzJGZEkxYWVqQ0Ftd0xPTTZTRFJhNFVHbitDa2VwOEljeG1CTDIvQmUzSVZ6CjhnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= networks: - openid #這行非常重要,docker成功運行後,要進geht console執行 admin.
Windows
Update chrome v75 > mkdir t > cd t > midir tests > npm install nightwatch --save-dev > npm install chromedriver --save-dev > nano nightwatch.js require('nightwatch/bin/runner.js'); > nano nightwatch.conf.js const chrome = require('chromedriver') module.exports = { src_folders: ['tests'], webdriver: { start_process: true, server_path: chrome.path, port: 9515, }, test_settings: { default: { desiredCapabilities: { browserName: 'chrome', }, }, }, } > nano tests/test.js module.exports = { 'step one: navigate to google' : function (browser) { for (var i = 0; i < 10; i += 1) { browser .
If you use consent website(official login&consent) run all step, routes/consent.js session part need remove mark, surely you can get session data. @token= xLPcJ3tobDqGUDxIVTxWt2p7w_odZSV22IAlUf5QPZU.YD6R_xKQ2ldCLbEV7mmc01E6ZLzemzdEC5H4-otTMPg ### userinfo GET https://openid.hydra:9001/userinfo Authorization: Bearer {{token}} ### introspect POST https://openid.hydra:9002/oauth2/introspect Content-Type: application/x-www-form-urlencoded token={{token}} &scope=openid+photos.read PS:&scope=openid+photos.read can remove.
But you use REST Client need fix. Put session data by yourself. ### accept conent scope PUT https://192.168.99.100:9002/oauth2/auth/requests/consent/accept?consent_challenge={{consent_challenge}} Content-Type: application/json { "grant_scope": ["openid", "photos.read"], "session": { "access_token": { "foo": "bar" }, "id_token": { "baz": "bar" } } } Try and watch many document.