無法通過護照 - 天藍色廣告的熊策略對SPA進行身份驗證

Question

所以我正在玩弄Integrating Azure AD into an AngularJS single page app 本教程的工作。 https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-devquickstarts-angular-node

它對於Azure的AD V2.0端點實現，但不幸的是我的組織不支持在Azure AD V2.0端點，因此我換過的adal.js和adal-angular庫的實驗版本，GA adal.js和adal-angular庫。前端身份驗證非常完美。但是，我修改了基於passport-azure-ad的後端配置後。後端無法驗證隱式授予的令牌。

我已經在清單文件中將allow implicit flow設置爲true。在另一個例子中，我嘗試使用我的client ID和Tenant Name，前者使用相同的angular，而.NET作爲後端。有效！

這裏是我的後端配置

exports.creds = { 

    // The app id you get from the registration portal 
    audience: 'http://localhost:8080', 
    clientID: '**********************************', 

    // Passport will use this URL to fetch the token validation information from Azure AD 
    identityMetadata: '************************************', 
    // Required. 
    // If you are using the common endpoint, you should either set `validateIssuer` to false, or provide a value for `issuer`. 
    validateIssuer: true, 

    // Required. 
    // Set to true if you use `function(req, token, done)` as the verify callback. 
    // Set to false if you use `function(req, token)` as the verify callback. 
    passReqToCallback: false, 

    // Required if you are using common endpoint and setting `validateIssuer` to true. 
    // For tenant-specific endpoint, this field is optional, we will use the issuer from the metadata by default. 
    issuer: '**************************************', 

    isB2C: false, 

    // Optional. Default value is false. 
    // Set to true if you accept access_token whose `aud` claim contains multiple values. 
    allowMultiAudiencesInToken: false, 

    // Optional. 'error', 'warn' or 'info' 
    loggingLevel: 'info' 
}; 

我的服務器：

app.use(bodyParser.urlencoded({ extended: true })); 
app.use(bodyParser.json()); 

// Pull in the Azure AD bearer passport strategy 
var OIDCBearerStrategy = require('passport-azure-ad').BearerStrategy; 

// This object is used for in-memory data storage, instead of a database. 
// Each time you run the server, you will get a fresh, empty list. 
var tasks = []; 

// Load passport and configure it to use Azure AD Bearer auth 
app.use(passport.initialize()); 
passport.use(new OIDCBearerStrategy({ 
    identityMetadata: config.creds.identityMetadata, 
    audience: config.creds.audience, 
    clientID: config.creds.clientID, 
    validateIssuer: true, 
    issuer: config.creds.issuer, 

}, function (token, done) { 
    console.log("yooo"); 
    return done(null, token, null); 
})); 

var router = express.Router(); 
router.route('/api/tasks') 
    .post(passport.authenticate('oauth-bearer', { session: false }), controller) 

這是從我的瀏覽器控制檯輸出前端認證之後：

State: ************** 
adal.js:973 State status:true 
adal.js:973 State is right 

有人做過類似的事嗎？

Answer 1

如果有人有麻煩就開始與Angularjs1 + +的NodeJS adal.js 1.x版

下面是一個工作示例。只要改變在config.js的價值觀和app.js

https://github.com/lightertu/Azure-ActiveDirectory-V1-Angularjs-Nodejs-SPA-Sample

Answer 2

正如上面這篇問題的作者評論所述，配置中的受衆值應該是客戶端ID。