Errata for "OAuth 2 in Action" (《OAuth2实战》)

This is the errata for exactly this book, so make sure you have the right one.

 

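While learning OAuth I read this book and wrote code following the examples in it, and I ran into some problems along the way. Below is the errata I found on the book's official site (https://manning-content.s3.amazonaws.com/download/e/f23189b-69ff-4802-b99e-512f9e36ca3b/Richer_OAuth2InAction_err3.html), pasted here so it is easy to look up and apply. After that come some problems I found myself, at the end of the article.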

 


3.2.2 on page 50

Current text is:


res.render('index', {access_token: body.access_token});
			

Should instead read:


res.render('index', {access_token: body.access_token, scope: scope});
			

4.3.1 on page 67

Three instances of this line:


res.status(403);
			

Should instead read:


res.status(403).end();
			

5.2.2 on page 81

Current text is:

...whether the user clicked the Approve button or the.

Should instead read:

...whether the user clicked the Approve button or the Deny button.

6.1.1 on page 96

Current text is:


nosql.insert({ access_token: access_token, client_id: clientId, scope: rscope });
			

Should instead read:


nosql.insert({ access_token: access_token, client_id: client.client_id, scope: rscope });
			

7.3 on page 126

Current text is:

ch-7-ex-0

Should instead read:

ch-7-ex-1

7.3 on page 126

Context is missing from the final code snippet that starts with:


if (!client.client_id) {
	...
}
			

This code needs to go into the index.html file of the native application and needs to be wrapped with a loading function:


var protectedResource = 'http://localhost:9002/resource';
      
window.onload = function() {

  if (!client.client_id) {
	  ...
  }

  
}

7.4.1 on page 129

Current text:

redirect_uri=https://yourouauthclient.com/

Should instead read:

redirect_uri=https://yourouauthclient.com/oauth/oauthprovider/callback

8.2.2 on page 148

Current text is:

"...only if they are from served from the same..."

Should instead read:

"...only if they are served from the same..."

9.2 on page 157

Current text is:

if (code.authorizationEndpointRequest.client_id == clientId) {

Should instead read:

if (code.request.client_id == clientId) {

9.4 on page 162

Current text is:

Nevertheless, the attacker hijacked the authorization code though a maliciously crafted URI.

Should instead read:

Nevertheless, the attacker hijacked the authorization code through a maliciously crafted URI.

10.2 on page 170

Current text is:

A token might contain sensitive information about the system and the attacker is then something that they couldn't know otherwise.

Should instead read:

A token might contain sensitive information about the system and the attacker is then exposed to something that they couldn't know otherwise.

10.4.1 on page 178

Highlighting of the code snippet implies that only one line is required to be added, where in reality the entire code snippet needs to be added. The first line of the snippet provides the context of the code to be inserted.

13.5.3 on page 250

Current text is:

/.well-know/webfinger

Should instead read:

/.well-known/webfinger

 

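Here is the part that is not on the official site:

First, my local environment: Node.js v10.16.3

Running the examples ch-3-ex-1 and ch-3-ex-2 throws TypeError [ERR_INVALID_CALLBACK]: Callback must be a function when the resource endpoint validates the token.

In ch-3-ex-1/node_modules/nosql/index.js:2388:8, change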

fs.close(fd);

to

fs.close(fd, function(err, result) {});

 

The example file ch-12-ex-2/authorizationServer.js throws an error when run.

In ch-12-ex-2/authorizationServer.js:242:1, change

var checkClientMetadata(req, res) {

to

var checkClientMetadata = function (req, res) {

 

That's all for now. If I find more later, I will probably keep updating this!
