《OAuth2实战》书籍勘误
就是这本书的勘误奥,别找错了
我在学习OAuth的时候看了这本书,并按照书籍中的示例进行了一下代码的编写,中间也遇到了一些问题,以下是在书籍官网(https://manning-content.s3.amazonaws.com/download/e/f23189b-69ff-4802-b99e-512f9e36ca3b/Richer_OAuth2InAction_err3.html)上寻找的勘误粘贴在下边,供大家便于查改,然后后边还有我自己找到的部分问题,会在文章末尾.
3.2.2 on page 50
Current text is:
res.render('index', {access_token: body.access_token});
Should instead read:
res.render('index', {access_token: body.access_token, scope: scope});
4.3.1 on page 67
Three instances of this line:
res.status(403);
Should instead read:
res.status(403).end();
5.2.2 on page 81
Current text is:
...whether the user clicked the Approve button or the.
Should instead read:
...whether the user clicked the Approve button or the Deny button.
6.1.1 on page 96
Current text is:
nosql.insert({ access_token: access_token, client_id: clientId, scope: rscope });
Should instead read:
nosql.insert({ access_token: access_token, client_id: client.client_id, scope: rscope });
7.3 on page 126
Current text is:
ch-7-ex-0
Should instead read:
ch-7-ex-1
7.3 on page 126
Context is missing from the final code snippet that starts with:
if (!client.client_id) {
...
}
This code needs to go into the index.html
file of the native application and needs to be wrapped with a loading function:
var protectedResource = 'http://localhost:9002/resource';
window.onload = function() {
if (!client.client_id) {
...
}
}
7.4.1 on page 129
Current text:
redirect_uri=https://yourouauthclient.com/
Should instead read:
redirect_uri=https://yourouauthclient.com/oauth/oauthprovider/callback
8.2.2 on page 148
Current text is:
"...only if they are from served from the same..."
Should instead read:
"...only if they are served from the same..."
9.2 on page 157
Current text is:
if (code.authorizationEndpointRequest.client_id == clientId) {
Should instead read:
if (code.request.client_id == clientId) {
9.4 on page 162
Current text is:
Nevertheless, the attacker hijacked the authorization code though a maliciously crafted URI.
Should instead read:
Nevertheless, the attacker hijacked the authorization code through a maliciously crafted URI.
10.2 on page 170
Current text is:
A token might contain sensitive information about the system and the attacker is then something that they couldn't know otherwise.
Should instead read:
A token might contain sensitive information about the system and the attacker is then exposed to something that they couldn't know otherwise.
10.4.1 on page 178
Highlighting of the code snippet implies that only one line is required to be added, where in reality the entire code snippet needs to be added. The first line of the snippet provides the context of the code to be inserted.
13.5.3 on page 250
Current text is:
/.well-know/webfinger
Should instead read:
/.well-known/webfinger
这里是官网上没有的部分:
先说一下我本地的环境: nodejs v10.16.3
在运行示例 ch-3-ex-1和ch-3-ex-2 时报错 :TypeError [ERR_INVALID_CALLBACK]: Callback must be a function 在资源接口验证Token时
需要把 ch-3-ex-1/node_modules/nosql/index.js:2388:8 的
fs.close(fd);
修改为
fs.close(fd, function(err, result) {});
示例 ch-12-ex-2/authorizationServer.js 文件运行是报错
需要把 ch-12-ex-2authorizationServer.js:242:1 的
var checkClientMetadata(req, res) {
修改为
var checkClientMetadata = function (req, res) {
以上,如后续还有发现应该会持续更新!
上一篇: Prim算法
推荐阅读
-
现货黄金投资技巧书籍(黄金期货交易实战技巧)
-
OAuth2简易实战(三)-JWT
-
[书籍精读]《响应式Web设计 HTML5和CSS3实战(第二版)》精读笔记分享
-
OAuth2简易实战(四)-Github社交联合登录
-
OAuth2简易实战(一)
-
Python 3网络爬虫开发实战书籍
-
阿里大牛带你玩转spring全家桶实战篇,附送4本spring电子版书籍
-
Spring Cloud实战 | 最终篇:Spring Cloud Gateway+Spring Security OAuth2集成统一认证授权平台下实现注销使JWT失效方案
-
《OAuth2实战》书籍勘误
-
现货黄金投资技巧书籍(黄金期货交易实战技巧)