我正在尝试从我的 NodeJS express webapp 调用 Microsoft Graph API,但我无法从 AAD 获取访问令牌。
我能够成功登录并且能够获取用户的个人资料(能够获取代码和 id_token),接下来我想获取访问令牌,以便我调用 Graph Api 调用。
有人可以帮助了解我如何从 OIDCStrategy 获取访问令牌吗?
【问题讨论】:
标签: node.js passport.js access-token passport-azure-ad
我找到了相同的解决方法。
passport.use(new OIDCStrategy({
identityMetadata: configAuth.creds.identityMetadata,
clientID: configAuth.creds.clientID,
responseType: configAuth.creds.responseType,
responseMode: configAuth.creds.responseMode,
redirectUrl: configAuth.creds.redirectUrl,
allowHttpForRedirectUrl: configAuth.creds.allowHttpForRedirectUrl,
clientSecret: configAuth.creds.clientSecret,
validateIssuer: configAuth.creds.validateIssuer,
isB2C: configAuth.creds.isB2C,
issuer: configAuth.creds.issuer,
passReqToCallback: configAuth.creds.passReqToCallback,
scope: configAuth.creds.scope,
loggingLevel: configAuth.creds.loggingLevel,
nonceLifetime: configAuth.creds.nonceLifetime,
nonceMaxAmount: configAuth.creds.nonceMaxAmount,
useCookieInsteadOfSession: configAuth.creds.useCookieInsteadOfSession,
cookieEncryptionKeys: configAuth.creds.cookieEncryptionKeys,
clockSkew: configAuth.creds.clockSkew,
}, (req, iss, sub, profile, access_token, refresh_token, params, done) => {
console.log(`Profile >>>> ${JSON.stringify(profile)}`);
if(!profile.oid) {
return done(new Error("No oid found"), null);
}
profile.tokens = params;
// console.log(`Access-Token >>>> ${access_token}`);
// console.log(`Refresh-Token >>>> ${refresh_token}`);
// console.log(`Profile >>>>>>>>>>>>>> ${JSON.stringify(profile)}`);
process.nextTick(() => {
findByOid(profile.oid, (err, user) => {
if(err) {
return done(err);
}
if(!user) {
users.push(profile);
return done(null, profile);
}
return done(null, user);
});
});
}));
【讨论】: