Google OAuth2 in Swagger for NodeJS application authentication

Published 2025-01-28 17:16:49 | 3187 characters | 4 views | 0 comments


I have created a simple NodeJS application which is using Passport for handling OAuth2 authentication using Google. I created credentials in Google API, configured the Google strategy ...

const express = require('express');
const session = require('express-session');
const passport = require('passport');
const GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;

const app = express();

// passport.session() needs a session middleware in front of it.
app.use(session({
    secret: process.env.SESSION_SECRET,
    resave: false,
    saveUninitialized: false
}));

// The whole Google profile is stored in the session and read back unchanged.
passport.serializeUser((user, cb) => {
    cb(null, user);
});
passport.deserializeUser(function(user, cb) {
    cb(null, user);
});

passport.use(new GoogleStrategy({
    clientID: process.env.CLIENTID,
    clientSecret: process.env.CLIENTSECRET,
    callbackURL: process.env.CALLBACK,
    passReqToCallback: true
  },
  // Verify callback: the Google profile becomes the logged-in user.
  function(request, accessToken, refreshToken, profile, cb) {
    return cb(null, profile);
  }
));

app.use(passport.initialize());
app.use(passport.session());

The application works great and credentials allow me to control access to the application.

I have also configured Swagger to provide a way to test the REST APIs provided by the application.

var options = {
    validatorUrl : null,
    // Passed to Swagger UI so its Authorize dialog can start the Google flow.
    // Everything in this object is delivered to the browser.
    oauth: {
        clientId: process.env.CLIENTID,
        clientSecret: process.env.CLIENTSECRET,
        appName: "MyApp",
    }
};

var swaggerUi = require('swagger-ui-express');
var swaggerDocument = require('./swagger.json');
app.use(
  '/api-docs',
  swaggerUi.serve,
  swaggerUi.setup(swaggerDocument, false, options)
);

Swagger also works fine, but some of the APIs require authentication, so I also need to have that OAuth2 authentication working with Google.

In my swagger.json (Swagger 2.0) I have configured the securityDefinitions section following some examples I have found:

"securityDefinitions": {
    "google_oauth": { 
      "type": "oauth2",
      "flow": "implicit",
      "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth",
      "tokenUrl": "https://www.googleapis.com/oauth2/v4/token",
      "scopes": {
        "https://www.googleapis.com/auth/userinfo.profile": "All user operations requiring authentication."
      }
    }
  },

Note: I have tried both with 'implicit' and 'authorizationCode' values for the flow.

And I have added security configuration to those APIs which require credentials to be executed.

"/favourites/User/{user}/City/{city}": {
  "post": {
    "summary": "Adds the selected city as a new favourite for that user.",
    "tags": ["Favourites"],
    "security": [
      {"google_oauth": ["https://www.googleapis.com/auth/userinfo.email"]}
    ],

In Swagger now the Authorize button is displayed and when clicked I get redirected to Google (in a new tab).

[Screenshot: OAuth2 log in screen]

I provide my credentials and I am returned to the original Swagger tab.

[Screenshot: OAuth logged in screen]

But now, if I try to execute the protected API, my REST code is receiving a Bearer token (which I have not configured my application to handle).

[Screenshot: Swagger curl request with Bearer token]

I thought I might be using a wrong configuration for Swagger, so I changed the security definitions in the swagger.json file using the auth URL for my application (which is being called when using the application and not swagger).

  "securityDefinitions": {
    "google_oauth": { 
      "type": "oauth2",
      "flow": "implicit",
      "authorizationUrl": "http://www.myapp.es/auth",
      "scopes": {
        "favourites": "All user operations requiring authentication."
      }
    }
  },

But this is not working either.

Any ideas? I think I am close and only some attribute is missing for having OAuth2 working in Swagger.

Thanks in advance.
