Comments (12)
Ok I see. The version in npm is terribly outdated. I hope @jaredhanson can release a newer version soon, as I think the strategy works as intended in current master. Some additions still lie as PRs, but current should work better than the old version in npm.
from passport-openidconnect.
Any update on this? It seems like we're still missing the id_token validation and also the verification of access-token.
from passport-openidconnect.
passport-openid is for the older OpenID standards. OpenID Connect is quite different from the older OpenID 1 and 2.
from passport-openidconnect.
@pottabathini I don't see the TODO you are referring to, what line are you talking about?
from passport-openidconnect.
I didn't see that TODO: in your current version, but I see it when I install this package from npm (you can see the version which I installed in the attached file).
Please correct me if I am referring to a wrong version or repository.
from passport-openidconnect.
I am attaching the strategy file also for your reference. If I am referring to a wrong version, please let me know.
strategy.zip
from passport-openidconnect.
Thank you for that. Can I configure the master version in my project? If yes, I will try it out with my scenarios (I am working on Azure B2C policies now) and bug you if I get stuck :-)
from passport-openidconnect.
Yeah, you should be able to specify something like git://github.com/jaredhanson/passport-openidconnect.git#1cf968b6eafd11e4ceb153c2ec1e6c38b69d6592 in your package dependencies.
It's good to have the commit-ish there for now, since master is under development and the API might change.
from passport-openidconnect.
The commit-ish you gave is giving many errors and it does not even allow me to log in :-( Can you guys try to push code at the earliest.
Below are the few problems we identified:
- Hardcoded value for response_type to "code" (params['response_type'] in strategy.js file)
- When data is returning back, the signin callback fires endlessly and ends up with a "too many redirects" error.
- When validating tokens we require [jwks_uri] / [jwks keys] also; for manual settings I didn't see that option.
The current master code is working without any flaw, except it does not have a token validation part in it.
from passport-openidconnect.
Are there any plans to push code to master in the near future?
from passport-openidconnect.
@pottabathini I think @jaredhanson might be too busy I'm afraid... There are a lot of forks to this repo though that are being used.
from passport-openidconnect.
I'm super confused about this. Why would we want to use the library if it doesn't verify the token? I see there are lots of checks on the id token here, but nothing to verify the token itself hasn't been tampered with. And no references to the access token. Am I missing something?
from passport-openidconnect.