如何解决Auth0 Node Express JWT React req.session.passport.user未定义
我正在尝试在服务器上具有Node / Express并在前端具有React的应用程序中实现Auth0,我几乎遵循Auth0 Quick Start到T了,但出现以下错误:
TypeError: Cannot read property 'user' of undefined
at router.get (/Users/me/Web Projects/project/server/routes/postAuthenticationRouter.js:10:29)
第10行显示:
if (!req.session.passport.user) {
我一直在谷歌搜索和阅读Stack Overflow的答案,但是找不到任何答案(订购中间件,添加“ withCredentials”等)。
app.js
const cookieParser = require('cookie-parser')
const express = require('express')
const session = require('express-session')
const logger = require('morgan')
const passport = require('passport')
const cors = require('cors')
require('dotenv').config()
// connect to the database and define models
require('./db/config')
require('./models')
// require the router modules
const adminRouter = require('./routes/admin')
const authenticationRouter = require('./routes/authentication')
const configRouter = require('./routes/config')
const postAuthenticationRouter = require('./routes/postAuthenticationRouter')
const userRouter = require('./routes/user')
const app = express()
// configure express
app.use(logger('dev'))
app.use(express.json())
app.use(cookieParser())
// configure express-session
const { SESSION_SECRET } = process.env
const sessionConfig = {
secret: SESSION_SECRET,cookie: {},resave: false,saveUninitialized: true,}
if (app.get('env') === 'production') {
sessionConfig.cookie.secure = true
}
app.use(session(sessionConfig))
// prevent status 304
app.disable('etag')
// load passport strategies
app.use(passport.initialize())
app.use(passport.session())
// import passport-auth0 strategy
const auth0Strategy = require('./passport/auth0')
passport.use(auth0Strategy)
// gets run after successful Auth0 authenticated login
passport.serializeUser((profile,done) => {
done(null,profile);
})
// gets run for each subsequent request after logging in
passport.deserializeUser((user,user);
})
// allow CORS
const corsOptions = {
origin: process.env.REACT_SERVER,credentials: true,}
app.use(cors(corsOptions))
// authentication middleware
const authCheckMiddleware = require('./middleware/auth-check')
app.use('/api/v1/postAuthentication',postAuthenticationRouter)
app.use('/',authenticationRouter)
module.exports = app
routes / authentication.js
const express = require('express')
const passport = require('passport')
const router = express.Router()
const {
AUTH0_DOMAIN,AUTH0_CALLBACK_URL,AUTH0_CLIENT_ID,REACT_SERVER,} = process.env
// Pass user authentication off to Auth0
router.get('/login/auth0',passport.authenticate('auth0'))
// This route gets called once Auth0 has successfully authenticated the user
router.get('/authenticated',(req,res,next) => {
passport.authenticate('auth0',(passportAuthErr,user) => {
if (passportAuthErr) return next(passportAuthErr)
if (!user) return res.redirect(`${REACT_SERVER}/login`)
return req.logIn(user,(loginErr) => {
if (loginErr) return next(loginErr)
const { returnTo } = req.session
delete req.session.returnTo
return res.redirect(returnTo || `${REACT_SERVER}/authenticated`)
})
})(req,next)
})
// Perform session logout and redirect to homepage
router.get('/logout/auth0',res) => {
req.session.destroy(() => {
res.redirect(`https://${AUTH0_DOMAIN}/v2/logout?returnTo=${AUTH0_CALLBACK_URL}/deauthenticated&client_id=${AUTH0_CLIENT_ID}`)
});
});
router.get('/deauthenticated',res) => {
res.clearCookie('connect.sid')
res.json({ success: true })
})
module.exports = router
routes / postAuthenticationRouter.js *
const express = require('express')
const jwt = require('jsonwebtoken')
const router = express.Router()
const { JWT_SECRET } = process.env
// This route gets called by the client once it has been
// redirected to /authenticated locally (after Auth0 authentication)
router.get('/',res) => {
if (!req.session.passport.user) {
return res.status(400).json({
success: false,message: 'Authentication failed!',})
}
const {
nickname: username,_id: userId,role: roleType,} = req.session.passport.user
const payload = {
sub: req.session.passport.user._id,}
const token = jwt.sign(payload,JWT_SECRET)
const userData = {
username,userId,roleType,}
return res.json({
success: true,message: 'You have successfully logged in.',token,user: userData,})
})
module.exports = router
passport / auth0.js
const Auth0 = require('passport-auth0')
const User = require('mongoose').model('User')
const {
AUTH0_DOMAIN,AUTH0_CLIENT_SECRET,} = process.env
module.exports = new Auth0(
{
domain: AUTH0_DOMAIN,clientID: AUTH0_CLIENT_ID,clientSecret: AUTH0_CLIENT_SECRET,callbackURL: `${AUTH0_CALLBACK_URL}/authenticated`,scope: 'openid email profile OTHER_SCOPE_VARIABLE',},// After Auth0 authentication,update user info in MongoDB
// to ensure it remains sync'd with Auth0's source of truth
async (accessToken,refreshToken,extraParams,profile,done) => {
try {
const userData = {
auth0Id: profile.id,username: profile.nickname,displayName: profile.displayName,last_login: new Date(),roleType: profile._json['https://t9e.io/role'],}
let user = await User.findOneAndUpdate(
{ auth0Id: profile.id },userData,{
new: true,)
if (user) return done(null,user)
user = await User.create(userData)
return done(null,user)
} catch (err) {
return done(err)
}
},)
当我进入我的React应用程序时:
- 我单击登录
- 它将我重定向到Auth0
- 我通过Auth0进行身份验证
- 它会将我重定向到我的React应用并调用服务器
- 未定义整个
req.session.passport时发生错误
必须有交叉的电线或我没有得到的东西。任何帮助都将不胜感激!
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。