auth0 / passport-auth0-openidconnect

Passport strategy for authenticating with Auth0 using OpenID Connect.
MIT License

Additional authorization params ignored #3

Open xoen opened 6 years ago

xoen commented 6 years ago

Hello,

I had fun times trying to implement Silent SSO because passing ?prompt=none to this strategy is ignored.

After further investigation I discovered that this strategy is based on passport-openidconnect. Its implementation of authorizationParams() always returns {} which explains why the params I pass in are ignored.

According to the comment to that method:

> [...] OpenID Connect-based authentication strategies can override this function in order to populate these parameters as required by the provider.

Which seems to suggest passport-auth0-openidconnect should override it to allow additional params, like prompt.

I'm overriding this method in my application as follows:

```js
// Return the supplied options as the extra authorization params instead of {}
Strategy.prototype.authorizationParams = function (options) {
  return options || {};
};
```

It would be great if something similar was done within passport-auth0-openidconnect so that client code doesn't have to monkey-patch it.

Am I missing something?

xoen commented 6 years ago

FYI: I have a PR which should make the strategy honour the user provided authorization params: https://github.com/auth0/passport-auth0-openidconnect/pull/4/files
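
An allowlisted variant of the override discussed in this issue, as an added example that is not part of the thread or of passport-auth0-openidconnect. The helper names and sample inputs are constructed; the parameter names are optional authentication request parameters from OpenID Connect Core. It forwards only those parameters, so other keys in the options object (such as `session` or `failureRedirect`) never reach the authorization URL.

```javascript
// Added example (hypothetical helper names, constructed inputs).
// Optional authentication request parameters from OpenID Connect Core 1.0.
const PASS_THROUGH = ['prompt', 'login_hint', 'max_age', 'ui_locales', 'acr_values', 'display'];
const PROMPT_VALUES = new Set(['none', 'login', 'consent', 'select_account']);

// prompt is a space-delimited list; "none" must not be combined with other values.
function validPrompt(value) {
  const parts = String(value).split(' ').filter(Boolean);
  if (parts.length === 0 || !parts.every((p) => PROMPT_VALUES.has(p))) return false;
  return !(parts.includes('none') && parts.length > 1);
}

// Builds the extra authorization params from the options object.
// Anything not on the allowlist (redirect_uri, state, session, ...) is dropped.
function authorizationParams(options) {
  const opts = options || {};
  const params = {};
  for (const name of PASS_THROUGH) {
    if (!Object.prototype.hasOwnProperty.call(opts, name)) continue;
    const value = opts[name];
    // Only scalar values belong in a query string.
    if (typeof value !== 'string' && typeof value !== 'number') continue;
    if (name === 'prompt' && !validPrompt(value)) continue;
    if (name === 'max_age' && !/^\d+$/.test(String(value))) continue;
    params[name] = String(value);
  }
  return params;
}

// Constructed sample: Silent SSO request mixed with unrelated Passport options.
const silent = authorizationParams({ prompt: 'none', session: false, failureRedirect: '/login' });

// Constructed sample: invalid prompt combination plus keys that must not be forwarded.
const tampered = authorizationParams({
  prompt: 'none login',
  redirect_uri: 'https://example.invalid/cb',
  state: 'x',
  login_hint: 'user@example.com',
});

console.log(silent, tampered);

// To use it as the override from the issue:
// Strategy.prototype.authorizationParams = authorizationParams;
```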