Comments (24)
@whindes I used https://github.com/panva/node-openid-client for that and it works great.
from passport-openidconnect.
+1
from passport-openidconnect.
I got it to work after a few tweaks, what are you having an issue with specifically?
from passport-openidconnect.
The only issue is myself. :)
I haven't used passport much and I was hoping for a quick and dirty I could slap into place to give it a shot. I thought it might be something that could benefit others as well.
Thanks!
from passport-openidconnect.
Check out the examples for passport-local (https://github.com/jaredhanson/passport-local) and then it should just be a case of changing the options for your strategy. The thing I had an issue with was the call to self._verify in the getOAuthAccessToken function of the strategy. Make sure this is aligned with your passport.use callback in your app.
from passport-openidconnect.
Interesting, I will check them out. Much appreciated.
from passport-openidconnect.
I'm struggling with this quite a bit. I've nabbed the passport-local example and I've started going through it but there are some basics I don't understand.
    var OidcStrategy = require('passport-openidconnect').Strategy;
I've set up the strategy in passport by doing the following.
    passport.use(new OidcStrategy({
        authorizationURL: 'my-auth-endpoint',
        tokenURL: 'my-token-endpoint',
        userInfoURL: 'my-user-info-endpoint',
        clientID: 'my-client',
        clientSecret: 'my-client-secret',
        callbackURL: '/callback'
    }, verify));
I think this chunk needs to be modified to go out to the openid connect server I am trying to use for auth.
    app.get('/login',
        passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }),
        function(req, res) {
            res.redirect('/');
        });
At this point, I am not quite sure how to modify this to properly interact with passport-openidconnect. I am getting confused at the point of calling the authenticate middleware.
I thought maybe I could simply call authenticate and it would attempt to hit my auth endpoint. Perhaps like this.
    app.get('/login',
        passport.authenticate()
    );
This is resulting in a 401 without even trying to go out to the auth endpoint I specified.
Any advice?
from passport-openidconnect.
In this snippet of code:
    app.get('/login',
        passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }),
        function(req, res) {
            res.redirect('/');
        });
passport.authenticate('local'... should be passport.authenticate('passport-openidconnect'...
from passport-openidconnect.
I think I'm still missing something fundamental. Here's my script.
    var OidcStrategy = require('passport-openidconnect').Strategy;
    passport.use(new OidcStrategy({
        authorizationURL: baseAuthUrl + '/id/conn/auth',
        tokenURL: baseAuthUrl + '/id/conn/token',
        userInfoURL: baseAuthUrl + '/id/conn/userinfo',
        clientID: 'fakeClient',
        clientSecret: 'fakeSecret',
        callbackURL: '/authorize'
    }));
    app.get('/login',
        passport.authenticate('passport-openidconnect', { failureRedirect: '/login', failureFlash: true }),
        function(req, res) {
            console.log('verify hit');
            res.redirect('/');
        });
When I hit /login it will tell me this:
    Error: Unknown authentication strategy "passport-openidconnect"
        at attempt (C:\nodeoidc\node_modules\passport\lib\middleware\authenticate.js:166:37)
        at authenticate (C:\nodeoidc\node_modules\passport\lib\middleware\authenticate.js:342:7)
        at Layer.handle as handle_request
        at next (C:\nodeoidc\node_modules\express\lib\router\route.js:110:13)
        at Route.dispatch (C:\nodeoidc\node_modules\express\lib\router\route.js:91:3)
        at Layer.handle as handle_request
        at C:\nodeoidc\node_modules\express\lib\router\index.js:267:22
        at Function.proto.process_params (C:\nodeoidc\node_modules\express\lib\router\index.js:321:12)
        at next (C:\nodeoidc\node_modules\express\lib\router\index.js:261:10)
        at SendStream.error (C:\nodeoidc\node_modules\express\node_modules\serve-static\index.js:107:7)
from passport-openidconnect.
Corey,
Try this (changing passport-openidconnect to openidconnect):
    app.get('/login',
        passport.authenticate('openidconnect', { failureRedirect: '/login', failureFlash: true }),
        function(req, res) {
            console.log('verify hit');
            res.redirect('/');
        });
from passport-openidconnect.
That did it! I was redirected to my auth server which reported an invalid response because I don't yet have "code" allowed as a response type.
It looks like "code" is hard-coded into the source, know if there are any plans to support other response types?
from passport-openidconnect.
Good news. Just create your own local module and base it on passport-openidconnect then you can change it to whatever you like. Check the openid-connect specs for the different flows.
from passport-openidconnect.
@coreyperkins @jasps
When you write:
    passport.use(new OidcStrategy({
        authorizationURL: 'my-auth-endpoint',
        tokenURL: 'my-token-endpoint',
        userInfoURL: 'my-user-info-endpoint',
        clientID: 'my-client',
        clientSecret: 'my-client-secret',
        callbackURL: '/callback'
    }, verify));
What exactly is that function verify? If I don't pass it as a parameter then I got an error.
from passport-openidconnect.
This is the function that will capture your profile, claims etc. You need it. In this function, you will usually pull the relevant user from a database and return that user or a sub-set of user attributes, which is what I do. This is what passport will serialize in the session.
from passport-openidconnect.
Thanks @jasps for that fast reply. I understand now. Do you have a working example of this function?
from passport-openidconnect.
Not that would help you I'm afraid. Check the samples. There is one that pulls a user from MongoDB.
from passport-openidconnect.
Thanks anyways man! @jasps
I ended up with this function, it works.
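    function (iss, sub, profile, done) {
        // Look the user up by the e-mail claim; create the account on first login.
        User.find({ email: profile._json.email }, function (err, docs) {
            // Stop on a database error; docs is not usable in that case.
            if (err) { return done(err); }
            if (docs.length == 0) {
                var user = new User({ email: profile._json.email });
                // Wait for the save to finish before handing the user to passport.
                user.save(function (saveErr) {
                    return done(saveErr, user);
                });
            } else {
                return done(null, docs[0]);
            }
        });
    }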
Tested against django-oidc-provider.
from passport-openidconnect.
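An added example, not code from this thread or from passport-openidconnect: a verify callback in the same `(iss, sub, profile, done)` shape that keys accounts on the issuer and subject pair, which OpenID Connect defines as the stable identifier for an end-user, instead of on the e-mail claim. The `users` Map, `accountKey` and the `login` helper are hypothetical stand-ins for a user database and for passport invoking the callback.

```javascript
// Added example: verify callback keyed on the (iss, sub) pair.
// `users` is a hypothetical in-memory stand-in for a real user database.
const users = new Map();

function accountKey(iss, sub) {
  // JSON-encode the pair so that no issuer/subject combination can collide.
  return JSON.stringify([iss, sub]);
}

function verify(iss, sub, profile, done) {
  if (typeof iss !== 'string' || !iss || typeof sub !== 'string' || !sub) {
    return done(new Error('missing iss or sub claim'));
  }
  const key = accountKey(iss, sub);
  let user = users.get(key);
  if (!user) {
    const claims = (profile && profile._json) || {};
    user = {
      issuer: iss,
      subject: sub,
      // The e-mail is stored as an attribute only, and only when the
      // provider asserts that it has been verified.
      email: claims.email_verified === true ? claims.email : null
    };
    users.set(key, user);
  }
  // This object is what passport goes on to serialize into the session.
  return done(null, user);
}

// Hypothetical helper standing in for passport invoking the callback.
function login(iss, sub, claims) {
  let result;
  verify(iss, sub, { _json: claims }, (err, user) => { result = err || user; });
  return result;
}
```

With this keying, two providers that both report the same e-mail address produce two separate accounts, so a login through one provider never resolves to an account created through the other.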
@jasps What did you do to fix the verify callback?
> The thing I had an issue with was the call to self._verify in the getOAuthAccessToken function of the strategy. Make sure this is aligned with your passport.use callback in your app.
My verify callback is not getting called either.
from passport-openidconnect.
Is there any update or workaround for the response_type? It is still hard coded to "code" and it would be nice to have "id_token token". Please let us know of any alternate solutions.
from passport-openidconnect.
Got a code snippet for using the token/implicit flow?
from passport-openidconnect.
I am trying to integrate this with my sample node js project...but I am not able to understand how to invoke this...since I am getting the below error when I call this:
TypeError: Parameter "url" must be a string, not undefined (at the below line in the strategy.js of this lib)
    this._key = options.sessionKey || (this.name + ':' + url.parse(options.authorizationURL).hostname);
I am passing all these parameters:
    authorizationURL: 'my-auth-endpoint',
    tokenURL: 'my-token-endpoint',
    userInfoURL: 'my-user-info-endpoint',
    clientID: 'my-client',
    clientSecret: 'my-client-secret',
    callbackURL: '/callback'
can someone let me know...what I am doing wrong?
Any help appreciated...Thanks!
from passport-openidconnect.
First guess is that the values you are passing are 'my-auth-endpoint' instead of the URL to your OAuth/OpenId server.
from passport-openidconnect.
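An added example, not part of the thread or of passport-openidconnect: a pre-flight check for the options object discussed above that tells a missing endpoint (the `undefined` in the quoted TypeError) apart from a placeholder string that is not an absolute URL. The name `checkOidcOptions`, the https requirement with a localhost exception, and the `idp.example.test` URLs are assumptions of this example.

```javascript
// Added example: pre-flight check for the strategy options discussed in this thread.
const ENDPOINT_KEYS = ['authorizationURL', 'tokenURL', 'userInfoURL'];
const REQUIRED_STRINGS = ['clientID', 'clientSecret', 'callbackURL'];

function checkOidcOptions(options) {
  const opts = options || {};
  const problems = [];
  for (const key of ENDPOINT_KEYS) {
    const value = opts[key];
    if (typeof value !== 'string' || value === '') {
      // A missing authorizationURL is the case that produces the TypeError quoted above.
      problems.push(key + ': missing');
      continue;
    }
    let parsed;
    try {
      parsed = new URL(value); // throws on placeholders such as 'my-auth-endpoint'
    } catch (err) {
      problems.push(key + ': not an absolute URL');
      continue;
    }
    // Assumption of this example: plain http is tolerated only for a local test provider.
    const local = parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1';
    if (parsed.protocol !== 'https:' && !(local && parsed.protocol === 'http:')) {
      problems.push(key + ': must use https');
    }
  }
  for (const key of REQUIRED_STRINGS) {
    if (typeof opts[key] !== 'string' || opts[key] === '') {
      problems.push(key + ': missing');
    }
  }
  return problems;
}

// The placeholder options from the thread, followed by a constructed valid set.
const placeholderOptions = {
  authorizationURL: 'my-auth-endpoint', tokenURL: 'my-token-endpoint',
  userInfoURL: 'my-user-info-endpoint',
  clientID: 'my-client', clientSecret: 'my-client-secret', callbackURL: '/callback'
};
const constructedOptions = Object.assign({}, placeholderOptions, {
  authorizationURL: 'https://idp.example.test/id/conn/auth',
  tokenURL: 'https://idp.example.test/id/conn/token',
  userInfoURL: 'https://idp.example.test/id/conn/userinfo'
});
console.log(checkOidcOptions(placeholderOptions), checkOidcOptions(constructedOptions));
```

Run before `passport.use(...)`, an empty result means every endpoint is present and absolute; anything else names the option to correct.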
@barnaby33 : did you find a code snippet for using the token/implicit flow?
from passport-openidconnect.