使用azure b2c 需要授权
原始文档中的所有设置https://next-auth.js.org/providers/azure-ad-b2c
import AzureADB2CProvider from 'next-auth/providers/azure-ad-b2c';
import NextAuth from 'next-auth';
export default NextAuth({
providers: [
AzureADB2CProvider({
tenantId: process.env.AZURE_AD_B2C_TENANT_NAME,
clientId: process.env.AZURE_AD_B2C_CLIENT_ID as string,
clientSecret: process.env.AZURE_AD_B2C_CLIENT_SECRET as string,
primaryUserFlow: process.env.AZURE_AD_B2C_PRIMARY_USER_FLOW,
authorization: { params: { scope: 'offline_access openid' } },
}),
],
});
.env.local已经使用了正确的数据(根据指南(,但在尝试登录时出现此错误http://localhost:3000/api/auth/signin:
stack: "Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: somename.onmicrosoft.com.b2clogin.com. is
not in the cert's altnames: DNS:graph.windows.net, DNS:*.aadg.windows.net, DNS:*.aadkds.ppe.reporting.msidentity.com, DNS:*.aadkds.prd.reporting.msidentity
.com, DNS:*.accesscontrol.aadtst3.windows-int.net, DNS:*.accesscontrol.windows-ppe.net, DNS:*.accesscontrol.windows.net, DNS:*.adls.aadkds.ppe.reporting.ms
identity.com, DNS:*.adls.aadkds.prd.reporting.msidentity.com, DNS:*.adti.aadkds.ppe.reporting.msidentity.com, DNS:*.adti.aadkds.prd.reporting.msidentity.co
m, DNS:*.authapp.net, DNS:*.authorization.azure-ppe.net, DNS:*.authorization.azure.net, DNS:*.b2clogin.com, DNS:*.cpim.windows.net, DNS:*.d2k.aadkds.ppe.re
porting.msidentity.com, DNS:*.d2k.aadkds.prd.reporting.msidentity.com, DNS:*.fp.measure.office.com, DNS:*.gateway.windows.net, DNS:*.Identity.azure-int.net
, DNS:*.Identity.azure.net, DNS:*.login.live.com, DNS:*.login.microsoft.com, DNS:*.login.microsoftonline.com, DNS:*.login.windows-ppe.net, DNS:*.logincert.
microsoft.com, DNS:*.logincert.windows-ppe.net, DNS:*.microsoftaik-int.azure-int.net, DNS:*.microsoftaik.azure.net, DNS:*.pt.aadg.msidentity.com, DNS:*.r.l
ogin.microsoft.com, DNS:*.r.login.microsoftonline.com, DNS:*.r.prd.aadg.msidentity.com, DNS:*.windows-ppe.net, DNS:aadcdn.privatelink.msidentity.com, DNS:a
adcdnimages.privatelink.msidentity.com, DNS:aadg.windows.net, DNS:aadgcdn.windows-int.net, DNS:aadgcdn.windows.net, DNS:aadgv6.ppe.windows.net, DNS:aadgv6.
windows.net, DNS:accesscontrol.aadtst3.windows-int.net, DNS:account.live-int.com, DNS:account.live.com, DNS:api.login.live-int.com, DNS:api.login.microsoft
online.com, DNS:api.password.ccsctp.com, DNS:api.passwordreset.microsoftonline.com, DNS:autologon.microsoftazuread-sso.com, DNS:becws.ccsctp.com, DNS:clien
tconfig.microsoftonline-p-int.net, DNS:clientconfig.microsoftonline-p.net, DNS:companymanager.ccsctp.com, DNS:companymanager.microsoftonline.com, DNS:cpim.
windows.net, DNS:device.login.microsoftonline.com, DNS:device.login.windows-ppe.net, DNS:directoryproxy.ppe.windows.net, DNS:directoryproxy.windows.net, DN
S:gatewayforking.windows.net, DNS:graph.ppe.windows.net, DNS:graphstore.windows.net, DNS:ipv6.login.live-int.com, DNS:login-us.microsoftonline.com, DNS:log
in.live-int.com, DNS:login.live.com, DNS:login.microsoft-ppe.com, DNS:login.microsoft.com, DNS:login.microsoftonline-int.com, DNS:login.microsoftonline-p.c
om, DNS:login.microsoftonline-pst.com, DNS:login.microsoftonline.com, DNS:login.passport-int.com, DNS:login.windows.net, DNS:logincert.microsoftonline-int.
com, DNS:logincert.microsoftonline.com, DNS:loginnet.passport-int.com, DNS:microsoftaik-int.azure-int.net, DNS:microsoftaik.azure.net, DNS:msnia.login.live
-int.com, DNS:msnialogin.passport-int.com, DNS:nexus.microsoftonline-p-int.com, DNS:nexus.microsoftonline-p.com, DNS:nexus.passport-int.com, DNS:pas.window
s-ppe.net, DNS:pas.windows.net, DNS:password.ccsctp.com, DNS:passwordreset.activedirectory.windowsazure.us, DNS:passwordreset.microsoftonline.com, DNS:ppe.
aadcdn.privatelink.msidentity.com, DNS:provisioning.microsoftonline.com, DNS:signup.live-int.com, DNS:signup.live.com, DNS:sts.windows.net, DNS:tools.login.live-int.com, DNS:xml.login.live-int.com, DNS:xml.login.live.comn" +
' at new NodeError (node:internal/errors:387:5)n' +
' at Object.checkServerIdentity (node:tls:337:12)n' +
' at TLSSocket.onConnectSecure (node:_tls_wrap:1544:27)n' +
' at TLSSocket.emit (node:events:513:28)n' +
' at TLSSocket._finishInit (node:_tls_wrap:948:8)n' +
' at ssl.onhandshakedone (node:_tls_wrap:729:12)',
name: 'Error'
},
providerId: 'azure-ad-b2c',
有人知道怎么修吗?谷歌一点帮助都没有。看起来azure工作得很好(可以从链接签名(,但它不适用于nextjs和next-auth
我得到了同样的错误
这是AZURE_AD_B2C_TENANT_NAME的问题,应该是yourTenantName,而不是yourTenantName.onmicrosoft.com。