
Security News
Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline, Forces Certificate Rotation
OpenAI rotated macOS signing certificates after a malicious Axios package reached its CI pipeline in a broader software supply chain attack.
@tuia/koa-sso
Integrates Duiba SSO single sign-on into a koa2 service.
Typically we implement our own user system in the service as well and then add support for SSO login on top of it.

Flow: send the user to http://sso.duiba.com.cn/login, appending the systemId parameter and a redirect parameter (the address to return to after login) yourself; that redirect points at this service's '/sso/ssoIndex', which the SSO server calls back with an ssoStamp parameter. Exchange the ssoStamp for a ticket (the pass), then use the ticket to fetch the SSO account information. (The ticket can be stored locally; if the SSO information has to be re-checked later, the earlier steps can be skipped and the stored ticket used directly.)

```js
const Koa = require('koa')
const Router = require('koa-router')
// Node built-in; the qs package works the same for this call
const qs = require('querystring')

const app = new Koa()
// Package name as listed on this page; the README originally required 'koa-sso'
const koaSso = require('@tuia/koa-sso')

app.use(koaSso({
  ssourl: 'https://sso.duibatest.com.cn/',
  systemId: 29,
  systemName: 'jimo',
  // Value taken from the README; in practice load appSecret from configuration
  // or a secret store rather than committing it to source control
  appSecret: '95cfda1e006330958c2abbefd64d5259',
  profiles: 'test'
}))

/**
 * The endpoint SSO requires the local service to implement; SSO redirects here after login.
 */
const router = new Router()
router.get('/sso/ssoIndex', async ctx => {
  // Exchange the ssoStamp from the callback for the ticket (pass)
  let ticket = await ctx.sso.findTicketByStamp()
  // Verify the ticket and fetch the SSO account information (null on failure)
  let ssoData = await ctx.sso.verifyTicketAndGetAdmin(ticket)
  if (ssoData) {
    // SSO information obtained; all that remains is to mark the user as logged in
    console.log(ssoData.id)
    /****** Everything below depends on your own business logic ******/
    /****** Example: ******/
    // koa-session login
    ctx.session.userId = ssoData.id
    // ctx.success is an application-specific response helper, not part of Koa
    ctx.success('Login successful')
    const params = qs.parse(ctx.request.querystring)
    // After a successful login, return to the page the user came from.
    // Only follow same-site relative paths: redirecting to an arbitrary
    // query-string value would make this endpoint an open redirect.
    if (typeof params.redirect === 'string' &&
        params.redirect.startsWith('/') && !params.redirect.startsWith('//')) {
      ctx.response.redirect(params.redirect)
    }
  } else {
    ctx.success('SSO information has expired; clear your cookies and try again!')
  }
})
app.use(router.routes())
```
Fetch the ticket (pass) using the stamp (the ticket used to be passed cross-domain as a URL parameter, which was insecure)
ctx.sso.findTicketByStamp()
Login verification (returns null on failure)
ctx.sso.verifyTicketAndGetAdmin()
Fetch all roles of a user: ctx.sso.getAdminAllRoles()
Fetch a user's permissions within the system: ctx.sso.getPowerIdsBySystemIdAndAdminId()
Load the permission tree of the whole system: ctx.sso.loadPowerList()
Log out of SSO: ctx.sso.outLogin()
Fetch all roles of the system: ctx.sso.getApplicationAllRoles()
Fetch the users who hold a given role (if no role is passed, returns all users who can access the system): ctx.sso.findAdminsByRoleName()
FAQs
Node integration with Duiba SSO
We found that @tuia/koa-sso demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.