Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to use Nodejs to implement SSO

2025-01-20 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Share

Shulou(Shulou.com)05/31 Report--

Today, I would like to share with you how to use Nodejs to achieve SSO related knowledge, the content is detailed, logic is clear, I believe most people still know too much about this knowledge, so share this article for your reference, I hope you can get something after reading this article, let's take a look at it.

What is single sign-on?

With the increase of the company's business, it is bound to produce different systems, and it will be very inconvenient if each system needs to log in separately.

As a result, single sign-on solution comes into being, single sign-on full name Single Sign On, referred to as SSO, which means that if you log on to one system in multiple system application groups, you can be authorized in all other systems without logging in again.

For example, Xiaoming logged on to Taobao today. If he did not log in, he would be required to enter authentication information (user name, password, etc.). After logging in, he would not need to log in to visit Tmall's page.

Single sign-on principle

SSO needs an independent authentication center, only the independent authentication center can accept users' user names and passwords and other security information, other systems do not provide login entry, only accept the indirect authorization of the authentication center. The whole process can be simply described with the figure above:

When the user logs in and accesses application A, application A discovers that the user is not logged in, jumps to SSO authentication center, and uses his address as a parameter to facilitate callback

SSO Certification Center discovers that the user has not logged in and guides the user to the login page; the user fills in the username and password to submit a login application; SSO Certification Center verifies the user's information and creates a session of the user's rain SSO Authentication Authority (which saves the information to cookie), and creates an authorization token token

Sso Certification Authority jumps to the original request address with a token (Application A)

Apply A to get the token and go to SSO Certification Authority to verify whether it is valid. If valid registration is returned, Application A

Use A to create a session with the user, show the resources and maintain the user login state

When the user visits Application B, he finds that the user is not logged in (the SSO authentication server is not in the same domain as Application An Application B and cannot provide login status), jumps to SSO authentication center, and brings his address and cookie information of previous conversation with SSO authentication center into

SSO Certification Authority discovers that the user is logged in, jumps back to the application B address and appends token token

The same application B gets the token and goes to SSO Certification Authority to verify whether it is valid. If you return valid registration application B,

Apply B to create a session with the user, show the resources and maintain the user login state

NodeJS demo

Three different services

Here we need to start three services to simulate the application of A _ Magi SSO authentication server and application B respectively.

Here the service of port number 8383 is the SSO authentication server, and the rest: 8686 and: 8787 represent application An and application B, respectively.

In fact, the code of application An is almost the same as that of application B. as shown in the figure above, we can set different ports and application names by passing parameters.

Let's take a look at the effect first.

First access jumps to login page

Use A to judge login status and jump to SSO authentication server

Application A

Const Koa=require ('koa'); const Router=require (' koa-router') const views=require ('koa-views') const static=require (' koa-static') const path=require ('path'); const app=new Koa (); const router=new Router (); const session=require (' koa-session') const koa2Req=require ('koa2-request') / / template engine-related configuration app.use (views (path.join (_ _ dirname,'./views')), {extension:'ejs'}) app.keys= ['key'] const keyMap= {' 8686VOVA VOLARO Sess8686AT, '8787VRO KoaVOSA Sess8787'} const CONFIG= {key:keyMap [process.env.PORT] | |' koa:sess', maxAge:1000*60*60*24, httpOnly:true} app.use (session (CONFIG) App) const system=process.env.SERVER_NAMErouter.get ("/", async (ctx) = > {/ / determine the login status of application A by session let user=ctx.session.user if (user) {/ /...} else / / 1, when the user logs in to access application A. Application A found that the user was not logged in (because the server did not save the corresponding session) {let token=ctx.query.token / / the first login url will not have a token if (! token) {/ / 1, Jump to SSO authentication server ctx.redirect (`http://localhost:8383/login?redirectUrl=${ctx.host+ctx.originalUrl}`)} else {/ /...}) app.use (router.routes ()) const port=process.env.PORT | | 8888app.listen (port) () = > {console.log (`app ${system} running at ${port} `)})

The authentication server judges the login status and renders the login page

Authentication server SSO

The directory structure of the authentication server mainly deals with two functions, one is login logic, the other is to verify the validity of tokens, which have routing login.js and check-token.js processing respectively.

Auth/index.js

Const Koa=require ('koa'); const Router=require (' koa-router') const views=require ('koa-views') const path=require (' path'); const app=new Koa (); const router=new Router () Const login=require (". / routes/login") const checkToken=require ('. / routes/check-token') const bodyparser=require ('koa-bodyparser') app.use (views (path.join (_ _ dirname,'./views')), {extension:'ejs'}) app.use (bodyparser ()) / / logical router.use (' / login',login.routes ()) / / logical router.use ('/ check_token') dealing with token verification CheckToken.routes () app.use (router.routes ()) app.listen (8383, () = > {console.log (`app listen at 8383`)})

Just now we jumped from Application A to http://localhost:8383/login?redirectUrl=localhost:8686 to look at the logic in login.

Auth/routes/login.js

Const service = require (".. / service"); const router=require ("koa-router") () router.get ('/', async (ctx) = > {const cookies=ctx.cookies; const token=cookies.get ('token'); / / determine the login state of application An if (token & & service.isTokenVailid (token)) {/ / from cookie. If you have logged in} else {/ / 2, SSO authentication authority found that the user has not logged in, so the login page is rendered; await ctx.render ('login.ejs', {extension:'ejs'})}) / /. No, no, no. Module.exports=router

Login page

Auth/views/login.ejs

Unified login user name: password

Verify user information and create tokens

Auth/routes/login.js

Router.post ('/', async (ctx) = > {/ / 2, user fill in username and password to submit login application; const body=ctx.request.body; const {name,password} = body / / 2. SSO Authentication Authority verifies user information, if (name=== "admin" & & password=== "123456") {/ / 2, create a session of user rain SSO Authentication Authority (in this case, the information will be saved to cookie), and create an authorization token token const token= "passport". Await ctx.cookies.set ('token',token, {maxAge:1000*60*60*24*30 HttpOnly:true}) if (ctx.query.redirectUrl) {/ / 3, With the token, sso Certification Authority jumps to the original request address (Application A) ctx.redirect (`${ctx.protocol}: / / ${ctx.query.redirectUrl}? token=$ {token}`) / / the rebound address is http://localhost:8686/?token=passport} else {ctx.body= "login successful!" }} else {ctx.response.body= {error:1, msg:' username or password error'})

Jump back to application A from the authentication server carrying the token

Token verification returns resources

Application A

App.use (views (path.join (_ _ dirname,'./views')), {extension:'ejs'}) /... const system=process.env.SERVER_NAMErouter.get ("/" Async (ctx) = > {let user=ctx.session.user if (user) {/ /} else / / Application An is still not logged in, but there is a token http://localhost:8686/?token=passport {let token=ctx.query.token if (! token) {/ / on url. Jump to the SSO login page} else / / when jumping back to App A, go to the logic {/ / ajax request 4. Apply A to get the token and go to SSO Certification Authority to verify whether it is valid. If you return a valid registration application A const url= `: / / localhost:8383/check_token?token=$ {token} & tweak ${new Date (). GetTime ()} `let data = await koa2Req (ctx.protocol + url) If (data & & data.body) {try {const body=JSON.parse (data.body) const {error,userId} = body / / console.log (error,userId) 0 admin if (error==0) {if (! userId) {ctx.redirect (`http://localhost:8383/login?redirectUrl=${ctx.host+ctx.originalUrl}`) return} / / register session after verification is passed Render the page / / 5. Use A to create a session with the user, show the resources and maintain the user login state ctx.session.user=userId Await ctx.render ('index.ejs', {user:userId System})} else {ctx.redirect (`http://localhost:8383/login?redirectUrl=${ctx.host+ctx.originalUrl}`)}} catch (error) {console.log (error)}) app .use (router.routes ()) const port=process.env.PORT | | 8888app.listen (port) () = > {console.log (`app ${system} running at ${port} `)})

Logic for handling authentication tokens in the corresponding SSO

Auth/routes/check-token

Const router=require ("koa-router") () const service=require (".. / service") router.get ('/', async (ctx) = > {const token=ctx.query.token; const result= {error:1} / / if (service.isTokenVailid (token)) {result.error=0; result.userId='admin'} ctx.body=result} when token is password) module.exports=router

Auth/service/index.js

Module.exports= {isTokenVailid: function (token) {if (token & & token==='passport') {return true} return false}}

At this point, the user has been able to access the application Aspire SSO server and the application A server has the information that the user has logged in.

Access Application B

Jump to SSO authentication server with cookie

Application B

/ /... router.get ("/", async (ctx) = > {let user=ctx.session.user if (user) {/ /...} else {let token=ctx.query.token / /. If (! token) {/ / also has neither session nor token, jump to SSO authentication server / / 6. When users visit application B, they find that the user is not logged in (SSO authentication server and application B are not in the same domain and cannot provide login status), jump to SSO authentication center And bring your address and cookie information from previous conversations with SSO Certification Authority to ctx.redirect (`http://localhost:8383/login?redirectUrl=${ctx.host+ctx.originalUrl}`)} else {/ /. No, no, no. Verify part of the token}) app.use (router.routes ()) const port=process.env.PORT | | 8888app.listen (port, () = > {console.log (`app ${system} running at ${port} `)})

Jump back to application B with a token from the authentication server

SSO authentication server with cookie when logging in again, so the login page Auth/routes/login will not be requested again

/ /... router.get ('/', async (ctx) = > {const cookies=ctx.cookies; const token=cookies.get ('token'); / / 7. SSO Certification Center discovers that the user is logged in, jumps back to the application B address and attaches token token if (token & & service.isTokenVailid (token)) {const redirectUrl=ctx.query.redirectUrl If (redirectUrl) {/ / jump back to application B ctx.redirect with token (`${ctx.protocol}: / / ${redirectUrl}? token=$ {token}`)} else {ctx.body= "login successful!" }} else {/ /... Render login page}}) / /..

Token verification returns resources

The logic here is the same as the five and six steps. Because token is easy to forge, it is necessary to verify whether it is true or false. Application B

App.use (views (path.join (_ _ dirname,'./views')), {extension:'ejs'}) /... const system=process.env.SERVER_NAMErouter.get ("/" Async (ctx) = > {let user=ctx.session.user if (user) {/ /} else / / App B is still not logged in, but there is a token http://localhost:8787/?token=passport {let token=ctx.query.token if (! token) {/ / on url. Jump to the SSO login page} else / / when jumping back to Application B, follow the logic {/ / ajax request 8. The same application B gets the token and goes to SSO Certification Authority to verify whether it is valid. If you return valid registration application B const url= `: / / localhost:8383/check_token?token=$ {token} & tweak ${new Date (). GetTime ()} `let data = await koa2Req (ctx.protocol + url) If (data & & data.body) {try {const body=JSON.parse (data.body) const {error,userId} = body / / console.log (error,userId) 0 admin if (error==0) {if (! userId) {ctx.redirect (`http://localhost:8383/login?redirectUrl=${ctx.host+ctx.originalUrl}`) return} / / register session after verification is passed Render the page / / 9. Apply B to create a session with the user, show the resources and maintain the user login state ctx.session.user=userId Await ctx.render ('index.ejs', {user:userId System})} else {ctx.redirect (`http://localhost:8383/login?redirectUrl=${ctx.host+ctx.originalUrl}`)}} catch (error) {console.log (error)}) app .use (router.routes ()) const port=process.env.PORT | | 8888app.listen (port) () = > {console.log (`app ${system} running at ${port} `)})

At this point, most of the logic of single sign-on has been completed. After visiting the page within the validity period of session, you no longer need to log in and return to the resources directly.

Router.get ("/", async (ctx) = > {/ / if the user information in session indicates that you have logged in, directly return the requested resource let user=ctx.session.user if (user) {await ctx.render ('index.ejs', {user, system})} / /.}) these are all the contents of the article "how to implement SSO with Nodejs" Thank you for reading! I believe you will gain a lot after reading this article. The editor will update different knowledge for you every day. If you want to learn more knowledge, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Development

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report