《OAuth2实战》书籍勘误

就是这本书的勘误奥,别找错了

 

  我在学习OAuth的时候看了这本书,并按照书籍中的示例进行了一下代码的编写,中间也遇到了一些问题,以下是在书籍官网(https://manning-content.s3.amazonaws.com/download/e/f23189b-69ff-4802-b99e-512f9e36ca3b/Richer_OAuth2InAction_err3.html)上寻找的勘误粘贴在下边,供大家便于查改,然后后边还有我自己找到的部分问题,会在文章末尾.

 

---

3.2.2 on page 50

Current text is:

res.render('index', {access_token: body.access_token});
			

Should instead read:

res.render('index', {access_token: body.access_token, scope: scope});
			

4.3.1 on page 67

Three instances of this line:

res.status(403);
			

Should instead read:

res.status(403).end();
			

5.2.2 on page 81

Current text is:

...whether the user clicked the Approve button or the.

Should instead read:

...whether the user clicked the Approve button or the Deny button.

6.1.1 on page 96

Current text is:

nosql.insert({ access_token: access_token, client_id: clientId, scope: rscope });
			

Should instead read:

nosql.insert({ access_token: access_token, client_id: client.client_id, scope: rscope });
			

7.3 on page 126

Current text is:

ch-7-ex-0

Should instead read:

ch-7-ex-1

7.3 on page 126

Context is missing from the final code snippet that starts with:

if (!client.client_id) {
	...
}
			

This code needs to go into the index.html file of the native application and needs to be wrapped with a loading function:

var protectedResource = 'http://localhost:9002/resource';
      
window.onload = function() {

  if (!client.client_id) {
	  ...
  }

  
}

7.4.1 on page 129

Current text:

redirect_uri=https://yourouauthclient.com/

Should instead read:

redirect_uri=https://yourouauthclient.com/oauth/oauthprovider/callback

8.2.2 on page 148

Current text is:

"...only if they are from served from the same..."

Should instead read:

"...only if they are served from the same..."

9.2 on page 157

Current text is:

if (code.authorizationEndpointRequest.client_id == clientId) {

Should instead read:

if (code.request.client_id == clientId) {

9.4 on page 162

Current text is:

Nevertheless, the attacker hijacked the authorization code though a maliciously crafted URI.

Should instead read:

Nevertheless, the attacker hijacked the authorization code through a maliciously crafted URI.

10.2 on page 170

Current text is:

A token might contain sensitive information about the system and the attacker is then something that they couldn't know otherwise.

Should instead read:

A token might contain sensitive information about the system and the attacker is then exposed to something that they couldn't know otherwise.

10.4.1 on page 178

Highlighting of the code snippet implies that only one line is required to be added, where in reality the entire code snippet needs to be added. The first line of the snippet provides the context of the code to be inserted.

13.5.3 on page 250

Current text is:

/.well-know/webfinger

Should instead read:

/.well-known/webfinger

---

 

这里是官网上没有的部分:

先说一下我本地的环境: nodejs v10.16.3

在运行示例 ch-3-ex-1和ch-3-ex-2 时报错 :TypeError [ERR_INVALID_CALLBACK]: Callback must be a function 在资源接口验证Token时 

需要把 ch-3-ex-1/node_modules/nosql/index.js:2388:8  的

fs.close(fd);

修改为

fs.close(fd, function(err, result) {});

 

示例 ch-12-ex-2/authorizationServer.js 文件运行是报错

需要把 ch-12-ex-2authorizationServer.js:242:1 的

var checkClientMetadata(req, res) {

修改为

var checkClientMetadata = function (req, res) {

 

以上,如后续还有发现应该会持续更新!