Comments (24)

mithun-daa commented on June 12, 2024

@whindes I used https://github.com/panva/node-openid-client for that and it works great.

from passport-openidconnect.

gobengo commented on June 12, 2024

+1

jasps commented on June 12, 2024

I got it to work after a few tweaks, what are you having an issue with specifically?

coreyperkins commented on June 12, 2024

The only issue is myself. :)

I haven't used passport much and I was hoping for a quick and dirty I could slap into place to give it a shot. I thought it might be something that could benefit others as well.

Thanks!

jasps commented on June 12, 2024

Check out the examples for passport-local (https://github.com/jaredhanson/passport-local) and then it should just be a case of changing the options for your strategy. The thing I had an issue with was the call to self._verify in the getOAuthAccessToken function of the strategy. Make sure this is aligned with your passport.use callback in your app.

coreyperkins commented on June 12, 2024

Interesting, I will check them out. Much appreciated.

coreyperkins commented on June 12, 2024

I'm struggling with this quite a bit. I've nabbed the passport-local example and I've started going through it but there are some basics I don't understand.

var OidcStrategy = require('passport-openidconnect').Strategy;

I've set up the strategy in passport by doing the following.

passport.use(new OidcStrategy({
    authorizationURL: 'my-auth-endpoint',
    tokenURL: 'my-token-endpoint',
    userInfoURL: 'my-user-info-endpoint',
    clientID: 'my-client',
    clientSecret: 'my-client-secret',
    callbackURL: '/callback'
}, verify));

I think this chunk needs to be modified to go out to the openid connect server I am trying to use for auth.

app.get('/login',
    passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }),
    function(req, res) {
        res.redirect('/');
    });

At this point, I am not quite sure how to modify this to properly interact with passport-openidconnect. I am getting confused at the point of calling the authenticate middleware.

I thought maybe I could simply call authenticate and it would attempt to hit my auth endpoint. Perhaps like this.

app.get('/login',
    passport.authenticate()
);

This is resulting in a 401 without even trying to go out to the auth endpoint I specified.

Any advice?

jasps commented on June 12, 2024

In this snippet of code:

app.get('/login',
    passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }),
    function(req, res) {
        res.redirect('/');
    });

passport.authenticate('local'... should be passport.authenticate('passport-openidconnect'...

coreyperkins commented on June 12, 2024

I think I'm still missing something fundamental. Here's my script.

var OidcStrategy = require('passport-openidconnect').Strategy;

passport.use(new OidcStrategy({
    authorizationURL: baseAuthUrl + '/id/conn/auth',
    tokenURL: baseAuthUrl + '/id/conn/token',
    userInfoURL: baseAuthUrl + '/id/conn/userinfo',
    clientID: 'fakeClient',
    clientSecret: 'fakeSecret',
    callbackURL: '/authorize'
}, verify)); // verify callback as in the earlier snippet; the strategy constructor requires one

app.get('/login',
    // The strategy name used here is the one that triggers the error below.
    passport.authenticate('passport-openidconnect', { failureRedirect: '/login', failureFlash: true }),
    function(req, res) {
        console.log('verify hit');
        res.redirect('/');
    });

When I hit /login it will tell me this:

Error: Unknown authentication strategy "passport-openidconnect"
at attempt (C:\nodeoidc\node_modules\passport\lib\middleware\authenticate.js:166:37)
at authenticate (C:\nodeoidc\node_modules\passport\lib\middleware\authenticate.js:342:7)
at Layer.handle as handle_request
at next (C:\nodeoidc\node_modules\express\lib\router\route.js:110:13)
at Route.dispatch (C:\nodeoidc\node_modules\express\lib\router\route.js:91:3)
at Layer.handle as handle_request
at C:\nodeoidc\node_modules\express\lib\router\index.js:267:22
at Function.proto.process_params (C:\nodeoidc\node_modules\express\lib\router\index.js:321:12)
at next (C:\nodeoidc\node_modules\express\lib\router\index.js:261:10)
at SendStream.error (C:\nodeoidc\node_modules\express\node_modules\serve-static\index.js:107:7)

jasps commented on June 12, 2024

Corey,

Try this (changing passport-openidconnect to openidconnect):

app.get('/login',
    passport.authenticate('openidconnect', { failureRedirect: '/login', failureFlash: true }),
    function(req, res) {
        console.log('verify hit');
        res.redirect('/');
    });

coreyperkins commented on June 12, 2024

That did it! I was redirected to my auth server which reported an invalid response because I don't yet have "code" allowed as a response type.

It looks like "code" is hard-coded into the source, know if there are any plans to support other response types?

jasps commented on June 12, 2024

Good news. Just create your own local module and base it on passport-openidconnect then you can change it to whatever you like. Check the openid-connect specs for the different flows.

juanifioren commented on June 12, 2024

@coreyperkins @jasps
When you write:

passport.use(new OidcStrategy({
    authorizationURL: 'my-auth-endpoint',
    tokenURL: 'my-token-endpoint',
    userInfoURL: 'my-user-info-endpoint',
    clientID: 'my-client',
    clientSecret: 'my-client-secret',
    callbackURL: '/callback'
}, verify));

What exactly is that function verify? If I don't pass it as a parameter then I got an error.

jasps commented on June 12, 2024

This is the function that will capture your profile, claims etc. You need it. In this function, you will usually pull the relevant user from a database and return that user or a sub-set of user attributes, which is what I do. This is what passport will serialize in the session.

juanifioren commented on June 12, 2024

Thanks @jasps for that fast reply. I understand now. Do you have a working example of this function?

jasps commented on June 12, 2024

Not that would help you I'm afraid. Check the samples. There is one that pulls a user from MongoDB.

juanifioren commented on June 12, 2024

Thanks anyways man! @jasps
I ended up with this function, it works.

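function (iss, sub, profile, done) {
  // Look up the local account by the e-mail claim returned by the provider.
  User.find({ email: profile._json.email }, function (err, docs) {
    // docs is undefined when the query fails, so report the error first.
    if (err) { return done(err); }
    if (docs.length === 0) {
      // First login: create the user and call done only once the save has finished
      // (assumes save() takes a node-style callback, as find() does here).
      var user = new User({ email: profile._json.email });
      return user.save(function (saveErr) {
        return done(saveErr, user);
      });
    }
    return done(null, docs[0]);
  });
}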

Tested against django-oidc-provider.

from passport-openidconnect.
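
The verify callback posted above matches accounts on the e-mail claim alone. As an added example (not code from this thread or from passport-openidconnect), here is a callback with the same `(iss, sub, profile, done)` signature that keys accounts on the issuer and subject pair, which OpenID Connect defines as the stable identifier for an end user. The in-memory `Map`, the `makeVerify` and `runVerify` helpers and the issuer URL are assumptions made for illustration.

```javascript
// Constructed stand-ins: an in-memory store instead of the User model,
// and a placeholder issuer URL instead of a real provider.
const users = new Map();
const EXPECTED_ISSUER = 'https://idp.example.test';

// Builds a verify callback bound to one store and one trusted issuer.
function makeVerify(store, expectedIssuer) {
  return function verify(iss, sub, profile, done) {
    // Reject anything not issued by the provider this app is configured for,
    // and anything without a usable subject identifier.
    if (iss !== expectedIssuer || typeof sub !== 'string' || sub === '') {
      return done(null, false); // passport convention: false means "not authenticated"
    }
    // (iss, sub) identifies the end user; e-mail is stored as an attribute only,
    // so two subjects presenting the same address never share an account.
    const key = JSON.stringify([iss, sub]);
    let user = store.get(key);
    if (!user) {
      const email = profile && profile._json ? profile._json.email : undefined;
      user = { id: store.size + 1, iss: iss, sub: sub, email: email };
      store.set(key, user);
    }
    return done(null, user);
  };
}

// Small driver so the callback-style function can be exercised directly.
function runVerify(verify, iss, sub, profile) {
  let result;
  verify(iss, sub, profile, function (err, user) {
    result = { err: err, user: user };
  });
  return result;
}

// Wiring, using the option names shown earlier in this thread:
//   passport.use(new OidcStrategy({ /* endpoints, clientID, ... */ },
//                                 makeVerify(users, EXPECTED_ISSUER)));
```
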

mithun-daa commented on June 12, 2024

@jasps What did you do to fix the verify callback?

> The thing I had an issue with was the call to self._verify in the getOAuthAccessToken function of the strategy. Make sure this is aligned with your passport.use callback in your app.

My verify callback is not getting called either.

whindes commented on June 12, 2024

Is there any update or workaround for the response_type? It is still hard coded to "code" and it would be nice to have "id_token token". Please let us know of any alternate solutions.

barnaby33 commented on June 12, 2024

Got a code snippet for using the token/implicit flow?

Harshil1989 commented on June 12, 2024

I am trying to integrate this with my sample node js project...but I am not able to understand how to invoke this...since I am getting the below error when I call this:

TypeError: Parameter "url" must be a string, not undefined (at the below line in the strategy.js of this lib)
this._key = options.sessionKey || (this.name + ':' + url.parse(options.authorizationURL).hostname);

I am passing all these parameters:
    authorizationURL: 'my-auth-endpoint',
    tokenURL: 'my-token-endpoint',
    userInfoURL: 'my-user-info-endpoint',
    clientID: 'my-client',
    clientSecret: 'my-client-secret',
    callbackURL: '/callback'

can someone let me know...what I am doing wrong?
Any help appreciated...Thanks!

barnaby33 commented on June 12, 2024

First guess is that the values you are passing are 'my-auth-endpoint' instead of the URL to your OAuth/OpenId server.

fdescamps commented on June 12, 2024

@barnaby33 : did you find a code snippet for using the token/implicit flow?

barnaby33 commented on June 12, 2024
