我正在使用带有Torii的ember-cli-simple-auth插件来进行身份验证流程 .
到目前为止,我已经设法使用自定义Torii提供程序和自定义简单身份验证器进行身份验证 .
我现在想使用自定义的简单身份验证授权程序将访问令牌注入请求 .
在文档https://github.com/simplabs/ember-simple-auth#implementing-a-custom-authorizer之后我添加了自定义授权程序和初始化程序
authorizers/myservice.js
import Base from 'simple-auth/authorizers/base';
import Ember from 'ember';
export default Base.extend({
/**
@method authorize
@param {jqXHR} jqXHR The XHR request to authorize (see http://api.jquery.com/jQuery.ajax/#jqXHR)
@param {Object} requestOptions The options as provided to the `$.ajax` method (see http://api.jquery.com/jQuery.ajaxPrefilter/)
*/
authorize: function(jqXHR) {
var accessToken = this.get('session.content.token');
if (this.get('session.isAuthenticated') && !Ember.isEmpty(accessToken)) {
jqXHR.setRequestHeader('Authorization', 'Bearer ' + accessToken);
}
}
});
initializers/authorization.js
import MyserviceAuthorizer from '../authorizers/myservice';
export function initialize(container, application) {
container.register('authorizer:myservice', MyserviceAuthorizer);
}
export default {
name: 'authorization',
before: 'simple-auth',
initialize: initialize
};
并包含在开发环境中的 config/environment.js 中
ENV['simple-auth'] = {
authorizer: 'authorizer:myservice',
crossOriginWhitelist: ['*']
}
不幸的是,添加它现在已经破坏了身份验证 .
看起来Torii不再收到回复 .
The response from the provider is missing these required response params: access_token, token_type, expires_in
我在这里也包括了Torii Provider代码和Simple Auth Authenticator代码 .
任何建议或帮助将非常感激,我有点坚持这一点 .
torii-providers/myservice.js
import Provider from 'torii/providers/oauth2-bearer';
import {configurable} from 'torii/configuration';
import env from '../config/environment';
export default Provider.extend({
name: 'myservice',
baseUrl: (env.api_host + '/oauth/authorize'),
responseParams: ['access_token', 'token_type', 'expires_in'],
redirectUri: configurable('redirectUri', function(){
// A hack that allows redirectUri to be configurable
// but default to the superclass
return this._super();
})
});
还有一个自定义的Simple Auth身份验证器
authenticators/myservice.js
import Ember from 'ember';
import Base from 'simple-auth/authenticators/base';
import ajax from 'ic-ajax';
export default Base.extend({
restore: function(data) {
return new Ember.RSVP.Promise(function(resolve, reject) {
if(!Ember.isEmpty(data.currentUser)) {
resolve(data);
} else {
reject();
}
});
},
authenticate: function(options) {
return this.fetchOauthData(options).then(this.fetchUserData.bind(this));
},
fetchUserData: function(oauthData) {
var token = oauthData.token.access_token;
return ajax({
url: '/api/v1/users/me',
type: "GET",
beforeSend: function (xhr) {
xhr.setRequestHeader("Authorization", "Bearer " + token);
}
}).then(function(userJSON){
return {
currentUser: userJSON.user,
token: token
};
});
},
fetchOauthData: function(options) {
return new Ember.RSVP.Promise(function(resolve, reject) {
options.torii.open(options.provider).then(function(oauthData) {
resolve({
provider: oauthData.provider,
token: oauthData.authorizationToken
});
}, function(error) {
reject(error);
});
});
}
});
1 回答
这可能与以下事实有关:Ember CLI自动注册容器中app文件夹下的所有内容 . 虽然Ember CLI documentation的以下引用没有明确解释,但它给出了一个提示:
如果您的授权者文件是
app/authorizers/myservice.js,Ember CLI将在容器上的'authorizer:myservice'名称下注册它 . 容器反过来会在查找时创建一个单例实例 . 由于您在初始化程序中执行相同的注册,因此可能存在某种冲突 .