我使用Devise和Doorkeeper创建了一个Rails应用程序,用于身份验证,以用作React Native应用程序的**OAuth2 PKCE* a API。
预期行为:
当我使用在PKCE流程的步骤B中收到的代码发送POST请求时,返回身份验证令牌
实际行为
它会传回这个错误,而不是Token:
{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
}如何重现错误:
- 对于React原生应用程序:
expo init auth-pkce-app--〉选择Typescrit空白模板expo install expo-linking expo-web-browser js-sha256个
1.然后将App.tsx中的代码替换为以下代码:
import React, { useEffect, useState } from "react";
import { Button, StyleSheet, Text, View } from "react-native";
import * as Linking from "expo-linking";
import * as WebBrowser from "expo-web-browser";
import { sha256 } from "js-sha256";
const CLIENT_ID = "Ox8_PbOB3g9kBy1HsuEWm6ieePS35jQWcaP_a2D6EmU";
const CLIENT_SECRET = "Z2TJo0AZeseyVvpua7piCPTBXA2v2pIAI3aBKpP1n8c";
const CODE_VERIFIER = "Antante";
const code_challenge = sha256(CODE_VERIFIER);
const code_chanllenge_method = "S256";
const AUTHORIZE_URL =
`http://localhost:3000/oauth/authorize` +
`?client_id=${CLIENT_ID}` +
`&redirect_uri=${Linking.createURL("")}` +
`&response_type=code` +
`&scope=write` +
`&code_challenge=${code_challenge}` +
`&code_challenge_method=${code_chanllenge_method}`;
const TOKEN_URL =
"http://localhost:3000/oauth/token" +
`?client_id=${CLIENT_ID}` +
`&client_secret=${CLIENT_SECRET}` +
"&grant_type=authorization_code" +
`&code_verifier=${CODE_VERIFIER}` +
`&redirect_uri=${Linking.createURL("")}`;
const App: React.FC<{}> = () => {
const [state, setState] = useState<{
redirectData?: Linking.ParsedURL | null;
result?: WebBrowser.WebBrowserAuthSessionResult;
}>({
redirectData: null,
});
useEffect(() => {
fetchToken();
}, [state]);
const fetchToken = async () => {
try {
const response = await fetch(
TOKEN_URL + `&code=${state.redirectData?.queryParams.code}`,
{
method: "POST",
}
);
const data = await response.json();
console.log(data);
} catch (err) {
console.log(err);
}
};
const openAuthSessionAsync = async () => {
try {
let result = await WebBrowser.openAuthSessionAsync(
AUTHORIZE_URL,
Linking.createURL("")
);
let redirectData;
if (result.type === "success") {
redirectData = Linking.parse(result.url);
}
setState({ result, redirectData });
} catch (error) {
alert(error);
console.log(error);
}
};
const maybeRenderRedirectData = () => {
if (!state.redirectData) {
return;
}
console.log(state.redirectData);
return (
<Text style={{ marginTop: 30 }}>
{JSON.stringify(state.redirectData)}
</Text>
);
};
return (
<View style={styles.container}>
<Button onPress={openAuthSessionAsync} title="Go to login" />
<Text>{Linking.createURL("")}</Text>
{maybeRenderRedirectData()}
</View>
);
};
export default App;
const styles = StyleSheet.create({
container: {
flex: 1,
backgroundColor: "#fff",
alignItems: "center",
justifyContent: "center",
paddingBottom: 40,
},
header: {
fontSize: 25,
marginBottom: 25,
},
});1.使用yarn start和〈〈记住“转到登录”按钮下的重定向链接〉〉启动应用程序
- 对于带Doorkeeper的Rails应用程序
git clone git@github.com:dogaruemiliano/pkce-auth.git rails-pkce-authbundle install
1.转到db/seeds.rb,用上面提到的链接替换文件(REDIRECT_URI = 'exp://192.168.0.107:19000')顶部的链接。rails db:migrate db:seed
^这将在终端中输出Doorkeeper::应用程序详细信息(id,secret)rails g webpacker:install
1.钢轨S
1条答案
按热度按时间mznpcxlj1#
问题出在sha256编码上。在您的示例中,从
js-sha256返回的编码是基于十六进制的,但我们需要匹配来自doorkeeper的urlsafe base64编码的sha256:使用
expo-crypto可能更容易实现这一点,例如:希望能有所帮助。