如何使用NextAuth设置IdentityServer4Provider中的赠款类型?
我想使用nextAuth和IdentityServer4进行身份验证。我创建了以下提供商:
import NextAuth from "next-auth"
import IdentityServer4Provider from "next-auth/providers/identity-server4";
export default NextAuth({
// Configure one or more authentication providers
providers: [
IdentityServer4Provider({
id: "identity-server4",
name: "IdentityServer4",
issuer: process.env.NEXT_PUBLIC_IDENTITY_SERVER,
clientId: process.env.CLIENT_ID,
clientSecret: process.env.CLIENT_SECRET
})
],
callbacks: {
},
secret: process.env.NEXTAUTH_SECRET,
})
我遇到的问题是,我需要添加grant_type value client> client_credentials。
当我在NextAuth中查看IdentityServer4提供商的代码时,我找到了此(no Grant_Type选项):
/** @type {import(".").OAuthProvider} */
export default function IdentityServer4(options) {
return {
id: "identity-server4",
name: "IdentityServer4",
type: "oauth",
wellKnown: `${options.issuer}/.well-known/openid-configuration`,
authorization: { params: { scope: "openid profile email" } },
checks: ["pkce", "state"],
idToken: true,
profile(profile) {
return {
id: profile.sub,
name: profile.name,
email: profile.email,
image: null,
}
},
options,
}
}
我有以下post请求,该请求正常:
如何向该提供者添加grant_type?
I want to authenticate using NextAuth and IdentityServer4. I have created the following provider:
import NextAuth from "next-auth"
import IdentityServer4Provider from "next-auth/providers/identity-server4";
export default NextAuth({
// Configure one or more authentication providers
providers: [
IdentityServer4Provider({
id: "identity-server4",
name: "IdentityServer4",
issuer: process.env.NEXT_PUBLIC_IDENTITY_SERVER,
clientId: process.env.CLIENT_ID,
clientSecret: process.env.CLIENT_SECRET
})
],
callbacks: {
},
secret: process.env.NEXTAUTH_SECRET,
})
The problem I am having is I need to add a grant_type with value client_credentials.
When I look at the code for IdentityServer4 provider in NextAuth, I found this (no grant_type option):
/** @type {import(".").OAuthProvider} */
export default function IdentityServer4(options) {
return {
id: "identity-server4",
name: "IdentityServer4",
type: "oauth",
wellKnown: `${options.issuer}/.well-known/openid-configuration`,
authorization: { params: { scope: "openid profile email" } },
checks: ["pkce", "state"],
idToken: true,
profile(profile) {
return {
id: profile.sub,
name: profile.name,
email: profile.email,
image: null,
}
},
options,
}
}
I have the following POST request, which is working correctly:
How can I add a grant_type to this provider?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如我所见,您正在尝试将外部提供商添加到下一步。客户凭证不能提供身份。它在此流程中不存在,因此您不能请求OpenID范围,也不能将其用作外部提供商流。
这种类型的赠款通常用于必须在背景中运行的服务器之间的交互,而无需与用户立即交互。
Next-auth将将用户重定向到外部提供商,并等待其交互,可能是具有授权代码流的登录名,直到完成并将控制返回到Next-auth。
As I see it, you are trying to add an external provider to Next-auth. Client Credentials doesn't provide identity. It doesn't exist a user in this flow, so you can't request OpenID scopes and you can't use it as an external provider flow.
This type of grant is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user.
Next-auth will redirect the user to the external provider and wait for their interaction, probably a login with Authorization Code flow, until it finishes and returns control to Next-auth.