https://github.com/hyacinthus/restdemo/blob/master/GOLANG-RESTFUL-API.pdf
https://github.com/hyacinthus/restdemo
EExcel 丞燕快速查詢2
EExcel 丞燕快速查詢2 https://sandk.ffbizs.com/
Cordova plugin Cache problem
https://stackoverflow.com/questions/26481507/how-to-force-cordova-to-recompile-added-plugins
Cordova plugin會cache
https://stackoverflow.com/questions/26481507/how-to-force-cordova-to-recompile-added-plugins
1、先remove
2、再加回
為了以上動作執行確實,不要直接去改plugin內容,採用下例方式:
1、建立 keep_plugs
2、將plugin放到裡面,然後再add到專案
3、修改後,重新執行remove、add
cordova plugin remove cordova-android-toast
cordova plugin add keep_plugs/cordova-android-toast
Cordova plugin會cache
https://stackoverflow.com/questions/26481507/how-to-force-cordova-to-recompile-added-plugins
1、先remove
2、再加回
為了以上動作執行確實,不要直接去改plugin內容,採用下例方式:
1、建立 keep_plugs
2、將plugin放到裡面,然後再add到專案
3、修改後,重新執行remove、add
cordova plugin remove cordova-android-toast
cordova plugin add keep_plugs/cordova-android-toast
[轉]Server Side Pagination Using Node and Mongo
https://codeforgeek.com/server-side-pagination-using-node-and-mongo/
Run ubuntu docker like VM
https://jimmylab.wordpress.com/2018/12/05/ssh-docker-container/
CMD ["/usr/sbin/sshd", "-D"]
https://hub.docker.com/r/rastasheep/ubuntu-sshd/
CMD ["/usr/sbin/sshd", "-D"]
https://hub.docker.com/r/rastasheep/ubuntu-sshd/
flutter dart json decode encode
Very Important!
zhangqi : [ .... ]
chaojiangeren: [ .... ]
zhangqi : [ {....}, {....} ]
chaojiangeren: [ {....}, {....} ]
If have this, json.decode can't List
List<dynamic> => List<ItemName>
List<dynamic> => List<ItemNameAddr>
{"107年工作":{"zhangqi":[{"name":"王大明1"},{"name":"孫小明1"}],"chaojiangeren":[{"name":"nnn1","addr":"aaa1"},{"name":"nnn2","addr":"aaa2"}]},"108年法會":{"zhangqi":[{"name":"王大明1"},{"name":"孫小明1"}]}}
zhangqi : [ .... ]
chaojiangeren: [ .... ]
zhangqi : [ {....}, {....} ]
chaojiangeren: [ {....}, {....} ]
Can't have \' or \"
If have this, json.decode can't List
List<dynamic> => List<ItemName>
List<dynamic> => List<ItemNameAddr>
List<ItemName> zhangqi = List<ItemName>();
zhangqi.add(new ItemName(name:"王大明1"));
zhangqi.add(new ItemName(name:"孫小明1"));
List<ItemNameAddr> chaojiangeren = List<ItemNameAddr>();
chaojiangeren.add(new ItemNameAddr(name:"nnn1", addr:"aaa1"));
chaojiangeren.add(new ItemNameAddr(name:"nnn2", addr:"aaa2"));
class ItemName {
String name;
ItemName({ this.name }) ;
ItemName.fromJson(Map<String, dynamic> json) : name = json['name'];
Map toJson() => {"name": name }; //給json.encode使用,沒有的話,會錯誤
}
class ItemNameAddr {
String name;
String addr;
ItemNameAddr({ this.name, this.addr }) ;
ItemNameAddr.fromJson(Map<String, dynamic> json) : name = json['name'], addr = json['addr'];
Map toJson() => {"name": name, "addr": addr}; //給json.encode使用,沒有的話,會錯誤
}
Future<List<ItemName>> getListItemName(List maps) async {
return new List<ItemName>.generate(maps.length, (i) {
return ItemName(
name: maps[i]['name'],
);
});
}
Future<List<ItemNameAddr>> getListItemNameAddr(List maps) async {
return new List<ItemNameAddr>.generate(maps.length, (i) {
return ItemNameAddr(
name: maps[i]['name'],
addr: maps[i]['addr'],
);
});
}
ethereum sign verify ECDSA part 3 Final ethereumjs-util Elliptic secp256k1
https://medium.com/@antonassocareer/web3-secp256k1-%E7%B0%BD%E7%AB%A0%E8%88%87solidity%E9%A9%97%E7%AB%A0-26ded518cfdc
Elliptic 和 secp256k1 各別需要不同的方式,請閱code
phone vs secp256k1 vs ethereumjs-util
那代表 phone 產生的是符合ethereum的格式
但因為 signed的長度不符合標準的 secp256k1 ,所以只能用ethereumjs-util的工具,從fromRpcSig 匯入處理,取得 s r v ,後就能進行處理了!
Elliptic 和 secp256k1 各別需要不同的方式,請閱code
const secp256k1 = require('secp256k1')
const ejsu = require('ethereumjs-util')
Web3 = require("web3")
var web3 = new Web3(Web3.givenProvider || 'ws://some.local-or-remote.node:8546');
// phone
// private key
// address 0xAD44A8ea9A9Bb5eF66F041BB921A687331729eB4
// Message Signature Has 0xa05ac71b16172777f683edbc48e9709cffd713a82630232d7c98e0f0df5201d60329658dba83b53fed49307e03d9663c0d2e4476c8b7925c2ed02cc7f881f5271b
// Message Hello
// public key 034e17dc4aef81e0ce6d16686be5e194274795375fc5525f1cdc46fe0b4643d5d6
console.log("\n----- phone -----\n")
var buf_Signed = Buffer.from(web3.utils.hexToBytes("0xa05ac71b16172777f683edbc48e9709cffd713a82630232d7c98e0f0df5201d60329658dba83b53fed49307e03d9663c0d2e4476c8b7925c2ed02cc7f881f5271b"))
var buf_pubkey = Buffer.from(web3.utils.hexToBytes("0x034e17dc4aef81e0ce6d16686be5e194274795375fc5525f1cdc46fe0b4643d5d6"))
console.log("\x1b[32m Public Key: \x1b[0m %s \nlength: %s \n", web3.utils.bytesToHex(buf_pubkey), buf_pubkey.length)
console.log("\x1b[32m singature: \x1b[0m %o \nlength: %s \n", buf_Signed, buf_Signed.length)
// ethereumjs-util import signature fromRpcSig
console.log("\n===== ethereumjs-util =====\n")
var fromSigned = ejsu.fromRpcSig(buf_Signed)
console.log("\x1b[32m fromSigned: %o \n", fromSigned)
var message = "Hello"
prefix = '\x19Ethereum Signed Message:\n' + message.length.toString()
console.log("\x1b[32m prefix: \x1b[0m %s \n", prefix)
var message2 = prefix + message
var buf_msgHash2 = ejsu.keccak256(message2); // this is ok
var buf_msgHash = Buffer.from(web3.utils.hexToBytes(web3.utils.soliditySha3(prefix, message)))
var ecrecover_public_key = ejsu.ecrecover(buf_msgHash, fromSigned.v, fromSigned.r, fromSigned.s)
console.log("\x1b[32m ecrecover_public_key: \x1b[0m %s \n", web3.utils.bytesToHex(ecrecover_public_key))
var address = ejsu.pubToAddress(ecrecover_public_key)
console.log("\x1b[32m address: \x1b[0m %s \n", web3.utils.bytesToHex(address))
console.log("\x1b[32m toChecksumAddress address: \x1b[0m %s \n", ejsu.toChecksumAddress(web3.utils.bytesToHex(address)))
console.log("\x1b[32m address is same address: \x1b[0m %s \n", ejsu.toChecksumAddress(web3.utils.bytesToHex(address)) == '0xAD44A8ea9A9Bb5eF66F041BB921A687331729eB4')
// Elliptic
console.log("\n===== Elliptic-util =====\n")
var EC = require('elliptic').ec;
var ec = new EC('secp256k1');
//var key = ec.genKeyPair();
var key = ec.keyFromPublic(buf_pubkey); // No Private Key
//r s https://github.com/ethereumjs/ethereumjs-util/blob/599ba5b1c7043a7e155e6032c50d7a01fc63aaf1/src/signature.ts#L70
var r = buf_Signed.slice(0, 32);
var s = buf_Signed.slice(32, 64);
console.log("\x1b[32m Elliptic verify: \x1b[0m %s \n", key.verify(buf_msgHash, {r: r, s: s}));
//secp256k1
console.log("\n===== secp256k1 =====\n")
var DER_signature = secp256k1.signatureExport(buf_Signed.slice(0, 64))
var signature = secp256k1.signatureImport(DER_signature)
console.log("\x1b[32m phone Signed -> DER Signed -> signatureImport: \x1b[0m %s \nlength: %s \n", web3.utils.bytesToHex(signature), signature.length)
console.log("\x1b[32m secp256k1 verify: \x1b[0m %s \n", secp256k1.verify(buf_msgHash, signature, buf_pubkey));
console.log("\n----- phone End -----\n")
// secp256k1
// private key random => 0x9fc00a13bf199dc5606da92d61438c680eeddec04f7a1833405c1466a81c9bd7
console.log("\n----- secp256k1 -----\n")
var buf_PrivateKey = Buffer.from(web3.utils.hexToBytes('0x9fc00a13bf199dc5606da92d61438c680eeddec04f7a1833405c1466a81c9bd7'))
var buf_PublicKey = secp256k1.publicKeyCreate(buf_PrivateKey)
console.log("\x1b[32m Public Key: \x1b[0m %s \nlength: %s \n", web3.utils.bytesToHex(buf_PublicKey), buf_PublicKey.length)
var buf_msg = Buffer.alloc(32, "Hello")
var singature = secp256k1.sign(buf_msg, buf_PrivateKey)
console.log("\x1b[32m singature: \x1b[0m %o \nlength: %s \n", singature, singature.signature.length)
console.log("\x1b[32m singature: \x1b[0m %s \n", web3.utils.bytesToHex(singature.signature))
var recover_public_key = secp256k1.recover(buf_msg, singature.signature, singature.recovery)
console.log("\x1b[32m Get Back Pubkey: \x1b[0m %s \n", web3.utils.bytesToHex(recover_public_key))
console.log("\x1b[32m recover_public_key is same PublicKey: \x1b[0m %s", web3.utils.bytesToHex(recover_public_key) == web3.utils.bytesToHex(buf_PublicKey))
console.log("\n----- secp256k1 End -----\n")
// ganache
// private key 0x75b25b96be4313c5a102bd4daa6bbeb71414f23e0ae15c0f93fa6d17866003da
// addresss 0xf8d3A2033ebfc7778CD59f676235a8E431b6eeD7
console.log("\n----- ganache -----\n")
// ganache part is OK
var buf_PrivateKey = Buffer.from(web3.utils.hexToBytes('0x75b25b96be4313c5a102bd4daa6bbeb71414f23e0ae15c0f93fa6d17866003da'))
var buf_PublicKey = ejsu.privateToPublic(buf_PrivateKey)
var buf_Address = ejsu.privateToAddress(buf_PrivateKey)
console.log("\x1b[32m Public Key: \x1b[0m %s \nlength: %s \n", web3.utils.bytesToHex(buf_PublicKey), buf_PublicKey.length)
console.log("\x1b[32m Address: \x1b[0m %s \nlength: %s \n", web3.utils.bytesToHex(buf_Address), buf_Address.length)
var message = "Hello"
var buf_msgHash = ejsu.keccak256(message);
var singature = ejsu.ecsign(buf_msgHash, buf_PrivateKey)
console.log("\x1b[32m singature: \x1b[0m %o \n", singature) // have r s v
var ecrecover_public_key = ejsu.ecrecover(buf_msgHash, singature.v, singature.r, singature.s)
console.log("\x1b[32m ecrecover_public_key: \x1b[0m %s \n", web3.utils.bytesToHex(ecrecover_public_key))
console.log("\x1b[32m ecrecover_public_key is same PublicKey: \x1b[0m %s", web3.utils.bytesToHex(ecrecover_public_key) == web3.utils.bytesToHex(buf_PublicKey))
console.log("\n----- ganache End -----\n")
Result
----- phone -----
Public Key: 0x034e17dc4aef81e0ce6d16686be5e194274795375fc5525f1cdc46fe0b4643d5d6
length: 33
singature: <Buffer a0 5a c7 1b 16 17 27 77 f6 83 ed bc 48 e9 70 9c ff d7 13 a8 26 30 23 2d 7c 98 e0 f0 df 52 01 d6 03 29 65 8d ba 83 b5 3f ed 49 30 7e 03 d9 66 3c 0d 2e ... >
length: 65
===== ethereumjs-util =====
fromSigned: { v: 27,
r:
<Buffer a0 5a c7 1b 16 17 27 77 f6 83 ed bc 48 e9 70 9c ff d7 13 a8 26 30 23 2d 7c 98 e0 f0 df 52 01 d6>,
s:
<Buffer 03 29 65 8d ba 83 b5 3f ed 49 30 7e 03 d9 66 3c 0d 2e 44 76 c8 b7 92 5c 2e d0 2c c7 f8 81 f5 27> }
prefix: Ethereum Signed Message:
5
ecrecover_public_key: 0x4e17dc4aef81e0ce6d16686be5e194274795375fc5525f1cdc46fe0b4643d5d66dcc58b79553ea878b6b514b8bd2552090d0fc810bd6f9b4d585f4709f43ed41
address: 0xad44a8ea9a9bb5ef66f041bb921a687331729eb4
toChecksumAddress address: 0xAD44A8ea9A9Bb5eF66F041BB921A687331729eB4
address is same address: true
===== Elliptic-util =====
Elliptic verify: true
===== secp256k1 =====
phone Signed -> DER Signed -> signatureImport: 0xa05ac71b16172777f683edbc48e9709cffd713a82630232d7c98e0f0df5201d60329658dba83b53fed49307e03d9663c0d2e4476c8b7925c2ed02cc7f881f527
length: 64
secp256k1 verify: true
----- phone End -----
----- secp256k1 -----
Public Key: 0x037ff17f569a94f4b91317a36b54dc9a77cdd6ce004a00821ca0ebc12acaa5188d
length: 33
singature: { signature:
<Buffer 79 a4 11 c0 85 bd 1a 2d 7b bd a5 eb 1e 19 d6 75 f1 40 07 27 f7 83 82 9f 1d f6 2a d2 86 3c 8a eb 62 04 03 78 64 96 f9 10 27 61 d0 ea 79 2b 40 65 d5 45 ... >,
recovery: 1 }
length: 64
singature: 0x79a411c085bd1a2d7bbda5eb1e19d675f1400727f783829f1df62ad2863c8aeb620403786496f9102761d0ea792b4065d545608d7905af427ffa2b181b103e28
Get Back Pubkey: 0x037ff17f569a94f4b91317a36b54dc9a77cdd6ce004a00821ca0ebc12acaa5188d
recover_public_key is same PublicKey: true
----- secp256k1 End -----
----- ganache -----
Public Key: 0xba5ca43c6d8c8ec41a0449ddc35dfee96afd0a112c4667b9d09925913799be627d1a779b6114c8541650c3b31bf88d360b1e3ebc973267003c7452fef6f2da2e
length: 64
Address: 0xf8d3a2033ebfc7778cd59f676235a8e431b6eed7
length: 20
singature: { r:
<Buffer b7 f7 ff 3c 78 8f 10 db e5 46 d4 10 2a 17 cd 99 1f d3 2c 5a c8 86 e9 31 83 bc 53 8d 5f 92 8f 81>,
s:
<Buffer 6d c1 0d 0e 71 42 73 f5 64 64 96 af d4 e1 3d 49 18 09 5f 42 27 e0 0b ae 1f 5a 59 ec af 39 fd e2>,
v: 27 }
ecrecover_public_key: 0xba5ca43c6d8c8ec41a0449ddc35dfee96afd0a112c4667b9d09925913799be627d1a779b6114c8541650c3b31bf88d360b1e3ebc973267003c7452fef6f2da2e
ecrecover_public_key is same PublicKey: true
----- ganache End -----
ethereum sign verify ECDSA part 2
Sure ethereum signature is 65, but secp256k1 is 64
RangeError: signature length is invalid
Web3 = require("web3")
var web3 = new Web3(Web3.givenProvider || 'ws://some.local-or-remote.node:8546');
const secp256k1 = require('secp256k1')
// or require('secp256k1/elliptic')
// if you want to use pure js implementation in node
//ethereum test https://github.com/ethereum/go-ethereum/blob/461291882edce0ac4a28f64c4e8725b7f57cbeae/crypto/signature_test.go
msg = web3.utils.hexToBytes("0xd301ce462d3e639518f482c7f03821fec1e602018630ce621e1e7851c12343a6")
signature = web3.utils.hexToBytes("0x638a54215d80a6713c8d523a6adc4e6e73652d859103a36b700851cb0e61b66b8ebfc1a610c57d732ec6e0a8f06a9a7a28df5051ece514702ff9cdff0b11f454")
pubkey = web3.utils.hexToBytes("0x03ca634cae0d49acb401d8a4c6b6fe8c55b70d115bf400769cc1400f3258cd3138")
console.log(secp256k1.verify(msg, signature, pubKey))
ethereum sign verify ECDSA part 1
呼叫web3的部份,都需要使用ethereum geth,這部份有點麻煩
Call web3 must use ethereum, this mean need to run ganache or geth. No ok.
jsrsasign is offline to compute
ECDSA 相關的是 https://kjur.github.io/jsrsasign/sample/sample-ecdsa.html
=====
https://medium.com/@angellopozo/ethereum-signing-and-validating-13a2d7cb0ee3
https://dzone.com/articles/signing-and-verifying-ethereum-signatures
public address 只是 verify後拿來驗證是否相同
另一句話 verify後會產生public address,主要是拿sign後的值產生 r s v ,然後再用 合約的功能 ecrecover 處理
public address only for after verify product check
Other way to explain is
After verify get public address. Take signatures to make r s v, then use r s v with contract ecrecover(). ecrecover() run finish get public address.
=====
Use npm secp256k1. When you run code
https://etherscan.io/verifySig
Address
0xAD44A8ea9A9Bb5eF66F041BB921A687331729eB4
Message Signature Hash
0xa05ac71b16172777f683edbc48e9709cffd713a82630232d7c98e0f0df5201d60329658dba83b53fed49307e03d9663c0d2e4476c8b7925c2ed02cc7f881f5271b
Enter the original message that was signed
Hello
verify ok
Go back see code.
Message Signature Hash 長度 is 65
sigObj.signature.length is 64
So https://github.com/ethereum/go-ethereum/blob/dbb03fe9893dd19f6b1de1ee3b768317f22fd135/crypto/secp256k1/secp256.go#L159
This is Why. And
https://github.com/ethereum/go-ethereum/blob/dbb03fe9893dd19f6b1de1ee3b768317f22fd135/crypto/secp256k1/secp256.go#L114
Call web3 must use ethereum, this mean need to run ganache or geth. No ok.
jsrsasign is offline to compute
ECDSA 相關的是 https://kjur.github.io/jsrsasign/sample/sample-ecdsa.html
=====
https://medium.com/@angellopozo/ethereum-signing-and-validating-13a2d7cb0ee3
https://dzone.com/articles/signing-and-verifying-ethereum-signatures
public address 只是 verify後拿來驗證是否相同
另一句話 verify後會產生public address,主要是拿sign後的值產生 r s v ,然後再用 合約的功能 ecrecover 處理
public address only for after verify product check
Other way to explain is
After verify get public address. Take signatures to make r s v, then use r s v with contract ecrecover(). ecrecover() run finish get public address.
=====
Use npm secp256k1. When you run code
Web3 = require("web3")
var web3 = new Web3(Web3.givenProvider || 'ws://some.local-or-remote.node:8546');
const { randomBytes } = require('crypto')
const secp256k1 = require('secp256k1')
// or require('secp256k1/elliptic')
// if you want to use pure js implementation in node
// generate message to sign
const msg = Buffer.alloc(32, "Hello") //randomBytes(32)
// generate privKey
let privKey
do {
privKey = randomBytes(32)
} while (!secp256k1.privateKeyVerify(privKey))
var buf_privatekey = Buffer.from(web3.utils.hexToBytes('0x75b25b96be4313c5a102bd4daa6bbeb71414f23e0ae15c0f93fa6d17866003da'))
console.log("privatekey: %s", web3.utils.bytesToHex(buf_privatekey))
// get the public key in a compressed format
const pubKey = secp256k1.publicKeyCreate(privKey)
console.log("pubKey: %s", web3.utils.bytesToHex(pubKey))
// sign the message
const sigObj = secp256k1.sign(msg, privKey)
//Message Signature Hash 長度
console.log(Buffer.from(web3.utils.hexToBytes("0xa05ac71b16172777f683edbc48e9709cffd713a82630232d7c98e0f0df5201d60329658dba83b53fed49307e03d9663c0d2e4476c8b7925c2ed02cc7f881f5271b")).length)
//public key
pubkey = Buffer.from(web3.utils.hexToBytes("0x034e17dc4aef81e0ce6d16686be5e194274795375fc5525f1cdc46fe0b4643d5d6"))
//標準signature 是64
console.log(sigObj.signature.length)
console.log("secp256k1 sign finish hex: ", web3.utils.bytesToHex(sigObj.signature))
signature = Buffer.from(web3.utils.hexToBytes("0xa05ac71b16172777f683edbc48e9709cffd713a82630232d7c98e0f0df5201d60329658dba83b53fed49307e03d9663c0d2e4476c8b7925c2ed02cc7f881f5271b"))
console.log(web3.utils.bytesToHex(signature))
console.log(secp256k1.verify(msg, signature, pubKey))
// verify the signature
//console.log(secp256k1.verify(msg, sigObj.signature, pubKey))
// => true
https://etherscan.io/verifySig
Address
0xAD44A8ea9A9Bb5eF66F041BB921A687331729eB4
Message Signature Hash
0xa05ac71b16172777f683edbc48e9709cffd713a82630232d7c98e0f0df5201d60329658dba83b53fed49307e03d9663c0d2e4476c8b7925c2ed02cc7f881f5271b
Enter the original message that was signed
Hello
verify ok
Go back see code.
Message Signature Hash 長度 is 65
sigObj.signature.length is 64
So https://github.com/ethereum/go-ethereum/blob/dbb03fe9893dd19f6b1de1ee3b768317f22fd135/crypto/secp256k1/secp256.go#L159
This is Why. And
https://github.com/ethereum/go-ethereum/blob/dbb03fe9893dd19f6b1de1ee3b768317f22fd135/crypto/secp256k1/secp256.go#L114
node 8 nodejs ssl handshake error
const https = require('https');
export async function GetUserinfo(Token) {
console.log(process.env["NODE_TLS_REJECT_UNAUTHORIZED"])
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
console.log(process.env["NODE_TLS_REJECT_UNAUTHORIZED"])
const baseURL = 'https://openid.hydra:9001';
const userinfoURL = '/userinfo';
axios({
method: 'get',
headers: {
'Authorization': 'Bearer ' + Token,
'accept': 'application/json'
},
httpsAgent: new https.Agent({
rejectUnauthorized: false,
ecdhCurve: 'auto'
}),
url: userinfoURL,
baseURL: baseURL,
responseType: 'json'
}).then(function (response) {
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
No Need, No meanError: self signed certificate
Answer: rejectUnauthorized: false,
HTTPs requests to API fail: 'sslv3 alert handshake failure
Answer: ecdhCurve: 'auto'
Ory Hydra Authorization Code Exchange => access token Use openid-client
https://github.com/panva/node-openid-client/tree/v2.x
So watch https://github.com/panva/node-openid-client/tree/v2.x
node.js package use "openid-client": "2.5.0",
https://github.com/panva/node-openid-client/blob/f1b4282ac50f7e15fc195f66bf76409af4ec4b6b/lib/client.js
see if (params.code) { Can know use grant
https://github.com/panva/node-openid-client/tree/v2.x#custom-token-endpoint-grants
Important! WARNING: Node.js 12 or higher is required for openid-client@3 and above. For older Node.js versions use openid-client@2.
So watch https://github.com/panva/node-openid-client/tree/v2.x
node.js package use "openid-client": "2.5.0",
client.authorizationCallback have bug, nonce mismatch always have this error even see https://github.com/panva/node-openid-client/issues/150
Correct way
https://github.com/panva/node-openid-client/blob/f1b4282ac50f7e15fc195f66bf76409af4ec4b6b/lib/client.js
see if (params.code) { Can know use grant
https://github.com/panva/node-openid-client/tree/v2.x#custom-token-endpoint-grants
const hydraconfig= {
"oidurl": "https://openid.hydra:9001",
"redirectUri": "https://t.tt:9010/callback",
"clientid": "auth-code-client",
"clientsecretid": "secret"
}
//openid-client================
const { Issuer } = require('openid-client')
const hydraIssuer = await Issuer.discover(hydraconfig.oidurl) // => Promise
.then(function (hydradiscoverIssuer) {
console.log('Discovered issuer %s %O', hydradiscoverIssuer.issuer, hydradiscoverIssuer.metadata);
return hydradiscoverIssuer
});
const client = new hydraIssuer.Client({
client_id: hydraconfig.clientid,
client_secret: hydraconfig.clientsecretid
});
var tokenset = await client.grant({
grant_type: 'authorization_code',
code: code,
redirect_uri: hydraconfig.redirectUri,
code_verifier: '', //No value, because real use in Hydra login-consent. Not use client.authorizationUrl or client.authorizationPost
});
console.log(tokenset)
javascript console.log object
console.log('show value string, object %s %O', var.string, var.object);
Ory Hydra Authorization Code Exchange => access token
Before posts about Hydra get access token is use golang HydraOauthConfig.Exchange(ctx, code). This is easy way. But on front website like vue or other framework how to get access token.
https://github.com/ory/hydra/issues/631
Not Authorization: Bearer
YXV0aC1jb2RlLWNsaWVudDpzZWNyZXQ= => auth-code-client:secret
example: https://t.tt:9010/callback?code=cuNw76aEuckIJJyVssk2LJvqdLXffT-8Kx1s0tYFt6Y.v0Dxc2_yT9ga8c2moKx0fDbwRFVgwryAt5BJM7lOJlM&scope=openid%20offline&state=gczxkznmjkrksgytsemvwgkf
If code have error message, you need check before any step have incorrect.
https://www.ory.sh/docs/hydra/sdk/api#the-oauth-20-token-endpoint
You need to sure grant_type=authorization_code Not other options.
But SDK Document No any options example. Only suggestion you use lib. So you need to try many.
like follow
https://www.oauth.com/oauth2-servers/pkce/authorization-code-exchange/
https://community.ory.sh/t/how-configure-grant-implicit-flow/411/14
https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce
https://github.com/oauthjs/express-oauth-server/issues/55
https://www.jianshu.com/p/5cf2b7a45b75
http://www.passportjs.org/docs/oauth/
Then try out a ways.
OK. Mark is not important Required.
Use REST Client to test
POST https://openid.hydra:9001/oauth2/token
Authorization: Basic YXV0aC1jb2RlLWNsaWVudDpzZWNyZXQ=
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&code=cuNw76aEuckIJJyVssk2LJvqdLXffT-8Kx1s0tYFt6Y.v0Dxc2_yT9ga8c2moKx0fDbwRFVgwryAt5BJM7lOJlM
#&redirect_uri=https://certfront/oid/test/callback
#&scope=openid,offline
#&client_id=auth-code-client
#&code_verifier=
#&state=gczxkznmjkrksgytsemvwgkf
Import is: Authorization: Basic
https://github.com/ory/hydra/issues/631
Not Authorization: Bearer
base64(urlencode(client_id):urlencode(client_secret))
YXV0aC1jb2RlLWNsaWVudDpzZWNyZXQ= => auth-code-client:secret
code is callback code. When you login-consent finish step then callback to your set callback URL. Watch URL inside have code=
example: https://t.tt:9010/callback?code=cuNw76aEuckIJJyVssk2LJvqdLXffT-8Kx1s0tYFt6Y.v0Dxc2_yT9ga8c2moKx0fDbwRFVgwryAt5BJM7lOJlM&scope=openid%20offline&state=gczxkznmjkrksgytsemvwgkf
If code have error message, you need check before any step have incorrect.
In Ory Hydra get access token is not like sdk document
https://www.ory.sh/docs/hydra/sdk/api#the-oauth-20-token-endpoint
You need to sure grant_type=authorization_code Not other options.
But SDK Document No any options example. Only suggestion you use lib. So you need to try many.
like follow
https://www.oauth.com/oauth2-servers/pkce/authorization-code-exchange/
https://community.ory.sh/t/how-configure-grant-implicit-flow/411/14
https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce
https://github.com/oauthjs/express-oauth-server/issues/55
https://www.jianshu.com/p/5cf2b7a45b75
http://www.passportjs.org/docs/oauth/
Then try out a ways.
OK. Mark is not important Required.
#&redirect_uri=https://certfront/oid/test/callback
#&scope=openid,offline
#&client_id=auth-code-client
#&code_verifier=
#&state=gczxkznmjkrksgytsemvwgkf
oauth2 nodejs
https://peach.ebu.io/technical/tutorials/tuto-oauth2-client/
https://www.pveller.com/oauth2-with-passport-10-steps-recipe/
http://www.hitotec.com/authentification-oauth-avec-passportjs-pour-une-api-rest/
https://www.shangyang.me/2018/03/11/javascript-nodejs-passport-04-deepinto-oauth2-authenticate-process/
https://blog.yorkxin.org/2013/09/30/oauth2-4-1-auth-code-grant-flow.html
https://www.pveller.com/oauth2-with-passport-10-steps-recipe/
http://www.hitotec.com/authentification-oauth-avec-passportjs-pour-une-api-rest/
https://www.shangyang.me/2018/03/11/javascript-nodejs-passport-04-deepinto-oauth2-authenticate-process/
https://blog.yorkxin.org/2013/09/30/oauth2-4-1-auth-code-grant-flow.html
[轉]如何使用 OpenSSL 建立開發測試用途的自簽憑證 (Self-Signed Certificate)
https://blog.miniasp.com/post/2019/02/25/Creating-Self-signed-Certificate-using-OpenSSL
目前這個方式比較靠普
建立 ssl.conf 設定檔
目前這個方式比較靠普
建立 ssl.conf 設定檔
[req]
prompt = no
default_md = sha256
default_bits = 2048
distinguished_name = dn
x509_extensions = v3_req
[dn]
C = TW
ST = Taiwan
L = Taipei
O = Duotify Inc.
OU = IT Department
emailAddress = admin@example.com
CN = localhost
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.localhost
DNS.2 = localhost
DNS.3 = 192.168.2.100
openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout server.key -out server.crt -config ssl.conf
oauth2 nodejs vue
https://www.ory.sh/docs/hydra/integration#interacting-with-oauth-20
https://github.com/lelylan/simple-oauth2
https://www.jianshu.com/p/5cf2b7a45b75
https://github.com/lelylan/simple-oauth2
https://www.jianshu.com/p/5cf2b7a45b75
訂閱:
文章 (Atom)