护照谷歌身份验证 + aws cognito + nodejs

Question

我正在使用 passport-google-auth 对 google 用户进行身份验证，它返回我用来获取 aws Cognito 凭据的 access_token，但它会引发错误：

NotAuthorizedException：登录令牌无效。不是有效的 OpenId Connect 身份令牌。

我的代码 sn-p:

passport.use(new GoogleStrategy(googleDeveloperDetails, getUserDetails));

app.get("/auth/google", passport.authenticate("google", { scope: ['email'] }));

var authGoogle = passport.authenticate("google", {
failureRedirect: "/auth/google"
});

  app.get("auth/google/callback", authGoogle, controller.successRedirect);

 getUserDetails = function(accessToken, refreshToken, params, profile, done) {        
    profile.token = accessToken;      
    done(null, profile);
}

googleDeveloperDetails = {
    clientID: "google cleint ID",
    clientSecret: "google client secret",
    callbackURL: "https://localhost:3000/auth/google/callback",
    profileFields: ["emails", "profile"]
}

Answer 1

已解决

通过使用从 Google 收到的 params.id_token 解决。 Google 护照返回 accessToken、refreshToken 和 params.id_token，在搜索和阅读 open-id-connect 提供程序后，我得到了解决方案。

解决办法如下：

passport.use(new GoogleStrategy(googleDeveloperDetails, getUserDetails));

app.get("/auth/google", passport.authenticate("google", { scope: ['email'] }));

var authGoogle = passport.authenticate("google", {
    failureRedirect: "/auth/google"
});

app.get("auth/google/callback", authGoogle, controller.successRedirect);

getUserDetails = function(accessToken, refreshToken, params, profile, done) {
  if(profile.provider == "google") {
        // params.id_token to be used to get cognito credentials
        profile.token = params.id_token;   
  } else {
        profile.token = accessToken;
  }
  done(null, profile);
}

googleDeveloperDetails = {
   clientID: "google cleint ID",
   clientSecret: "google client secret",
   callbackURL: "https://localhost:3000/auth/google/callback",
   profileFields: ["emails", "profile"]
}