wolkenkit redirects to Auth0 even when user is logged in

天大地大妈咪最大 submitted on 2019-12-12 15:13:59

Question


I just tried to test wolkenkit’s authentication with the chat template following the wolkenkit docs. User login seems to work, but the user is redirected to Auth0 even when they're already logged in (without the client calling the auth.login method).

Here’s a code snippet from the client:

wolkenkit.connect({
    host: 'local.wolkenkit.io',
    port: 3000,
    authentication: new wolkenkit.authentication.OpenIdConnect({
        identityProviderUrl: 'https://<myIdentity>.eu.auth0.com/authorize',
        clientId: '<myClientID>',
        strictMode: false
    })
}).
    then(chat => {
        console.log("chat.auth.isLoggedIn() = " + chat.auth.isLoggedIn());
        console.log(chat.auth.getProfile());
        if (!chat.auth.isLoggedIn()) {
            return chat.auth.login();
        }
    });

In package.json, the identity provider is configured as follows:

"wolkenkit": {
    "environments": {
      "default": {
        "identityProvider": {
          "name": "https://<myIdentity>.eu.auth0.com/",
          "certificate": "/server/keys/<myIdentity>.eu.auth0.com"
        },...

Browser log after clearing cookies (I censored the provider identity and the object returned by chat.auth.getProfile()):

Navigated to http://local.wolkenkit.io:8080/
index.js:14 chat.auth.isLoggedIn() = false
index.js:15 undefined
Navigated to https://<myIdentity>.eu.auth0.com/login?client=<clientID>...

Navigated to http://local.wolkenkit.io:8080/
index.js:14 chat.auth.isLoggedIn() = true
index.js:15 {iss: "https://<myIdentity>.eu.auth0.com/", sub: "auth0|...", aud: "...", iat: ..., exp: ..., …}
Navigated to https://<myIdentity>.eu.auth0.com/login?client=<clientID>...

Answer 1:


Being redirected although you configured authentication typically means that there is an error in the way the authentication is configured.

You might want to check these settings:

  • The token must be signed using RS256, not HS256 (which, for some accounts, seems to be the default of Auth0). To find out which signature algorithm is being used, get the token from the browser's local storage and paste it into the JWT debugger. Then you can see how the token was signed. If you need to change the signature algorithm, you can find this in the Advanced Settings of your client in Auth0.
  • Using the very same debugger you can also verify whether the token and the certificate you are using match each other. If they don't, you probably have copied the wrong certificate, or you have configured the path to point to a wrong certificate.
  • The certificate file must be named certificate.pem. If it has another name, or the path in package.json is incorrect, wolkenkit should not even start the application, but to be sure double-check that the file is named correctly.
  • In the package.json, besides the path to the certificate, you also have to provide the name of the identity provider you use, in your case this is https://<myIdentity>.eu.auth0.com/. Please note that this must exactly match the iss claim within the token. Often the claim in the token contains a trailing slash, while the value in package.json does not. If they differ, use the token's value in package.json.

Once you have made your changes, make sure to empty local storage, and to restart your wolkenkit application using the following command (otherwise your changes won't become effective):

$ wolkenkit restart

Hope this helps :-)
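
The checks listed in the answer above (RS256 signature, token matching the certificate, and an exact match between the iss claim and the configured name) can also be run locally in Node.js. This is an added example, not part of the original answer and not wolkenkit's own code; the names diagnoseToken and signSample, the issuer https://example.eu.auth0.com/, and the generated key pair that stands in for the provider's key and certificate.pem are assumptions made for the sample.

```javascript
// Added example, not wolkenkit code: check a token against the package.json identityProvider settings.
const { generateKeyPairSync, createSign, createVerify } = require('crypto');

const b64url = data => Buffer.from(data).toString('base64url');
const decodePart = part => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Returns a list of problems; an empty list means all three checks pass.
function diagnoseToken (token, configuredName, certificatePem) {
  const parts = token.split('.');
  if (parts.length !== 3) { return ['token is not a three-part JWT']; }
  let header, payload;
  try {
    header = decodePart(parts[0]);
    payload = decodePart(parts[1]);
  } catch {
    return ['header or payload is not base64url-encoded JSON'];
  }
  const problems = [];
  if (header.alg !== 'RS256') {
    problems.push(`alg is ${header.alg}, expected RS256`);
  }
  // Exact string comparison: a missing trailing slash counts as a mismatch.
  if (payload.iss !== configuredName) {
    problems.push(`iss "${payload.iss}" differs from configured name "${configuredName}"`);
  }
  // Only verify as RS256; never let the token's own header choose the algorithm.
  if (header.alg === 'RS256') {
    const verifier = createVerify('RSA-SHA256').update(`${parts[0]}.${parts[1]}`);
    if (!verifier.verify(certificatePem, Buffer.from(parts[2], 'base64url'))) {
      problems.push('signature does not match the certificate');
    }
  }
  return problems;
}

// Constructed sample data: a throwaway key pair stands in for the provider's key and certificate.pem.
const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const samplePem = publicKey.export({ type: 'spki', format: 'pem' });

function signSample (claims) {
  const signingInput = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const signature = createSign('RSA-SHA256').update(signingInput).sign(privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

const sampleToken = signSample({ iss: 'https://example.eu.auth0.com/', sub: 'auth0|constructed' });
console.log(diagnoseToken(sampleToken, 'https://example.eu.auth0.com/', samplePem));
console.log(diagnoseToken(sampleToken, 'https://example.eu.auth0.com', samplePem));
```

With a real token, pass the contents of the certificate file and the name value from package.json instead of the constructed sample values.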



Source: https://stackoverflow.com/questions/48266381/wolkenkit-redirects-to-auth0-even-when-user-is-logged-in
