来自此请求的重定向 URI 与来自授权请求的重定向 URI 不匹配，即使它们相同

Question

所以我正在使用 ORY/Hydra 来托管 OAuth 2.0 服务器，并且正在构建一个示例客户端来演示流程。我在查询参数中使用redirect_uri 调用/oauth2/auth 端点，然后使用simple-oauth2 调用/oauth2/token 来获取访问令牌。

我可以通过我的 API 在 Hydra 服务器中创建一个客户端，响应是一个有效的 JSON，其中一个回调 URL 是 `http://localhost:3000/callback'

{
    "id": "cbf09258-7f8e-4147-93c1-aa7e2e7b99b3",
    "name": "Test App 1",
    "clientId": "515e7876-881e-4f3a-b489-20ed7300c745",
    "clientSecret": "deleted",
    "clientSecretExpiresAt": 0,
    "token": 
"$2a$08$bWZMUf5wgEpOcoUjsJ5l/uS5LaTmqrC40FTnfegzelE69H8JAFrMW",
    "callbackUrl": [
        "127.0.0.1:3000",
        "localhost:3000/callback",
        "http://localhost:3000/callback"
    ],
    "url": "",
    "imageBanner": "",
    "imageIcon": "",
    "createdAt": "2019-02-04T19:14:22.193152Z",
    "updatedAt": "2019-02-04T19:14:22.193152Z"
}

流程也从localhost:3000/callback 开始，我的jade 文件呈现一个调用/oauth2/auth 的链接，如下所示

block content
    h1 Whew
    a(href="http://localhost:4444/oauth2/auth?client_id=" + clientid + "&scope=openid offline&response_type=code&redirect_uri=http://localhost:3000/callback&state=haardik123") Authorize

最后，如果查询中存在code 参数，则处理程序包括调用/oauth2/token 的代码，如下所示：(callback.js)

const oauth2 = simpleOauthModule.create({
    client: {
        id: process.env.CLIENT_ID,
        secret: process.env.CLIENT_SECRET,
    },
    auth: {
        tokenHost: 'http://localhost:4444',
        tokenPath: '/oauth2/token',
        authorizePath: '/oauth2/auth',
    },
});

// Authorization uri definition
const authorizationUri = oauth2.authorizationCode.authorizeURL({
    redirect_uri: 'http://localhost:3000/callback',
    scope: 'openid offline',
    state: 'haardik123',
});

router.get('/', async function (req, res, next) {
    var query = url.parse(req.url, true).query;
    var clientid = process.env.CLIENT_ID;
    var code = query.code;
    const options = {
        code,
    };

    if (code) {
        try {
            const result = await oauth2.authorizationCode.getToken(options);

            console.log('The resulting token: ', result);

            const token = oauth2.accessToken.create(result);

            return res.status(200).json(token)
        } catch(error) {
            console.error('Access Token Error', error.message);
            return res.status(500).json('Authentication failed');
        }
    }
    res.render('callback', {
        clientid: clientid
    });
});

流程正常进行，直到我在查询参数中使用code 重定向回localhost:3000/callback，但随后显示Status 400: Bad request - Authentication Failed

Hydra 日志显示

time="2019-02-04T19:16:05Z" level=info msg="started handling request" method=POST remote="172.29.0.1:35130" request=/oauth2/token
time="2019-02-04T19:16:05Z" level=error msg="An error occurred" description="The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed" error=invalid_request hint="The \"redirect_uri\" from this request does not match the one from the authorize request."
time="2019-02-04T19:16:05Z" level=info msg="completed handling request" measure#http://localhost:4444.latency=60183900 method=POST remote="172.29.0.1:35130" request=/oauth2/token status=400 text_status="Bad Request" took=60.1839ms

我不确定为什么 redirect_uri 不匹配，因为看起来我做的一切都很好——希望对此有任何见解，谢谢！

Answer 1

通过将redirect_uri 添加到传递给oauth2.authorizationCode.getToken(options) 的options 对象来解决这个问题

将对象更改为

const options = {
    code,
    redirect_uri: "http://localhost:3000/callback",
};

成功了！