Quickstart: Add sign-in using OpenID Connect to a Node.js web app

In this quickstart, you download and run a code sample that demonstrates how to set up OpenID Connect authentication in a web application built using Node.js with Express. The sample is designed to run on any platform.

Prerequisites

Register your application

  1. Sign in to the Azure portal using a work or school account.

  2. If your account is present in more than one Azure AD tenant:

    • Select your profile from the menu on the top-right corner of the page, and then select Switch directory.
    • Change your session to the Azure AD tenant where you want to create your application.
  3. Navigate to Azure Active Directory > App registrations to register your app.

  4. Select New registration.

  5. When the Register an application page appears, enter your app's registration information:

    • In the Name section, enter a meaningful name that will be displayed to users of the app. For example: MyWebApp
    • In the Supported account types section, select Accounts in any organizational directory.

    If there is more than one redirect URI, you'll need to add the others from the Authentication tab after the app has been successfully created.

  6. Select Register to create the app.

  7. On the app's Overview page, find the Application (client) ID value and record it for later. You'll need this value to configure the application later in this project.

  8. In the list of pages for the app, select Authentication.

    • In the Redirect URIs section, select Web in the combo-box and enter the following redirect URI: http://localhost:3000/auth/openid/return
    • In the Advanced settings section, set Logout URL to https://localhost:3000.
    • In the Advanced settings > Implicit grant section, check ID tokens, because this sample requires the Implicit grant flow to be enabled to sign in the user.
  9. Select Save.

  10. From the Certificates & secrets page, in the Client secrets section, choose New client secret.

    • Enter a key description (for instance, app secret).
    • Select a key duration of either In 1 year, In 2 years, or Never Expires.
    • When you click the Add button, the key value will be displayed. Copy the key value and save it in a safe location.

    You'll need this key later to configure the application. This key value will not be displayed again, nor is it retrievable by any other means, so record it as soon as it is visible in the Azure portal.

Download the sample application and modules

Next, clone the sample repo and install the NPM modules.

From your shell or command line:

$ git clone git@github.com:AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-nodejs.git

or

$ git clone https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-nodejs.git

From the project root directory, run the command:

$ npm install

Configure the application

Provide the parameters in exports.creds in config.js as instructed.

  • Update <tenant_name> in exports.identityMetadata with the Azure AD tenant name, in the format *.partner.onmschina.cn.
  • Update exports.clientID with the Application (client) ID noted during app registration.
  • Update exports.clientSecret with the application secret noted during app registration.
  • Update exports.redirectUrl with the Redirect URI noted during app registration.

Optional configuration for production apps:

  • Update exports.destroySessionUrl in config.js if you want to use a different post_logout_redirect_uri.

  • Set exports.useMongoDBSessionStore in config.js to true if you want to use mongoDB or another compatible session store. The default session store in this sample is express-session. The default session store is not suitable for production.

  • Update exports.databaseUri if you want to use the mongoDB session store with a different database URI.

  • Update exports.mongoDBSessionMaxAge. Here you can specify how long you want to keep a session in mongoDB. The unit is seconds.
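The configuration steps above leave the client secret sitting in a source file. As an added example that is not the quickstart sample's own config.js, the following builds exports.creds from environment variables instead and checks the values (placeholder left in, non-GUID client ID, http redirect or the default session store in production) before the app starts; the environment variable names and the shape of the discovery URL are assumptions.

```javascript
// Added example, not the quickstart sample's own config.js: build
// exports.creds from environment variables so the client secret is never
// committed to source control, then validate it before the app starts.
// The variable names and the discovery-URL shape are assumptions.
const PLACEHOLDER = '<tenant_name>';

// `env` is passed in so this can be exercised with a constructed map, not process.env.
function buildCreds(env) {
  return {
    identityMetadata: env.AAD_IDENTITY_METADATA || '',
    clientID: env.AAD_CLIENT_ID || '',
    clientSecret: env.AAD_CLIENT_SECRET || '',
    redirectUrl: env.AAD_REDIRECT_URL || 'http://localhost:3000/auth/openid/return',
    destroySessionUrl: env.AAD_DESTROY_SESSION_URL || 'https://localhost:3000',
    useMongoDBSessionStore: env.USE_MONGODB_SESSION_STORE === 'true',
    databaseUri: env.MONGODB_URI || '',
    mongoDBSessionMaxAge: Number(env.MONGODB_SESSION_MAX_AGE || 3600), // seconds
  };
}

// Returns a list of problems; an empty list means the config is usable.
function validateCreds(creds, { production = false } = {}) {
  const problems = [];
  const guid = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
  const meta = creds.identityMetadata;
  if (!meta.startsWith('https://') || !meta.endsWith('/.well-known/openid-configuration')) {
    problems.push('identityMetadata must be an https OpenID Connect discovery URL');
  }
  if (meta.includes(PLACEHOLDER)) problems.push('identityMetadata still contains <tenant_name>');
  if (!guid.test(creds.clientID)) problems.push('clientID is not an Application (client) ID GUID');
  if (!creds.clientSecret) problems.push('clientSecret is empty');
  // The redirect URI must match the registration exactly; a plain-http
  // loopback URL is acceptable only for local development.
  if (!/^https?:\/\//.test(creds.redirectUrl)) problems.push('redirectUrl is not absolute');
  if (production && creds.redirectUrl.startsWith('http://')) {
    problems.push('redirectUrl must use https in production');
  }
  if (production && !creds.useMongoDBSessionStore) {
    problems.push('the default express-session store is not suitable for production');
  }
  if (creds.useMongoDBSessionStore && !creds.databaseUri) {
    problems.push('databaseUri is required when useMongoDBSessionStore is true');
  }
  if (!(creds.mongoDBSessionMaxAge > 0)) problems.push('mongoDBSessionMaxAge must be positive seconds');
  return problems;
}
if (typeof module !== 'undefined') {
  module.exports = { creds: buildCreds(process.env), buildCreds, validateCreds };
}
```

Call validateCreds(module.exports.creds, { production: true }) at startup and refuse to listen if the list is non-empty.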

Build and run the application

Start the mongoDB service. If you are using the mongoDB session store in this app, you have to install mongoDB and start the service first. If you are using the default session store, you can skip this step.

Run the app using the following command from your command line.

$ node app.js

Is the server output hard to understand? We use bunyan for logging in this sample. The console output won't make much sense unless you also install bunyan and run the server as above, piping it through the bunyan binary:

$ npm install -g bunyan

$ node app.js | bunyan

You're done!

You will have a server successfully running on http://localhost:3000.

Help and support

If you need help, want to report an issue, or would like to learn about your support options, see Help and support for developers.

Next steps

Learn more about the web app scenario that the Microsoft identity platform supports: