SURFnet / surf-token-based-access


Log in to ts-oauth2-server with OIDC #55

Closed michielbdejong closed 4 months ago

michielbdejong commented 4 months ago

I should replace login page of ts-oauth2-server-example with an OIDC login.

I'll start with trying out https://www.npmjs.com/package/openid-client by itself and then later I'll see if I can connect the two.

michielbdejong commented 4 months ago

next step: put the oidc client into the oauth server

michielbdejong commented 4 months ago

Got it working all the way up to https://sram-auth-poc.pondersource.net/login-callback.html?code=... From there, should harvest the code and continue OIDC login, then set a session cookie from that.

michielbdejong commented 4 months ago

I need to work out how the frontend routes relate to the backend views, especially since it seems the frontend is served from a vite process on port 80 which is separate from the NestJS process that serves the backend on port 3000.

michielbdejong commented 4 months ago

Ah right, vite proxies anything that starts with /api from the NestJS backend. So I'll redirect /login-callback.html to /api/login and then that will get picked up by the NestJS login controller, where I can continue with client.callbackParams(req).

michielbdejong commented 4 months ago

ok, connection established :) now getting this error in the NodeJS process logs:

[Nest] 4060062  - 2024-05-30T10:27:34.230Z   ERROR [ExceptionsHandler] invalid_grant (Bad Request)
OPError: invalid_grant (Bad Request)
    at processResponse (/root/ts-oauth2-server-example/node_modules/.pnpm/openid-client@5.6.5/node_modules/openid-client/lib/helpers/process_response.js:38:13)
    at Client.grant (/root/ts-oauth2-server-example/node_modules/.pnpm/openid-client@5.6.5/node_modules/openid-client/lib/client.js:1354:22)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Client.callback (/root/ts-oauth2-server-example/node_modules/.pnpm/openid-client@5.6.5/node_modules/openid-client/lib/client.js:493:24)
    at async OidcController.index (file:///root/ts-oauth2-server-example/src/app/oauth/controllers/oidc.controller.ts:32:26)
    at async /root/ts-oauth2-server-example/node_modules/.pnpm/@nestjs+core@10.0.1_@nestjs+common@10.0.1_class-transformer@0.5.1_class-validator@0.14.0_refl_sw4d7lq4ldnezmffjba7b7jjee/node_modules/@nestjs/core/router/router-execution-context.js:46:28
    at async /root/ts-oauth2-server-example/node_modules/.pnpm/@nestjs+core@10.0.1_@nestjs+common@10.0.1_class-transformer@0.5.1_class-validator@0.14.0_refl_sw4d7lq4ldnezmffjba7b7jjee/node_modules/@nestjs/core/router/router-proxy.js:9:17

michielbdejong commented 4 months ago

ok, looks like that works now!