search

authts / oidc-client-ts

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
https://authts.github.io/oidc-client-ts/
Apache License 2.0
1.39k stars 209 forks source link

`OidcClient.processSigninResponse` not working when `fetch` is not defined #1040

Closed paulius-valiunas closed 1 month ago

paulius-valiunas commented 1 year ago

We use this package for integration testing, where we use playwright to get a user token using the authorization code grant. We then pass the response to OidcClient.processSigninResponse on the Node.js side (playwright doesn't allow dynamically importing packages in the web browser context). This works with Node.js 18 but not with older versions because they don't have fetch implementation. We were able to fix one such occurrence on our end by passing issuer metadata into the OidcClient constructor. However, it looks like this might be a more common problem than we thought.

Would it be possible to make a code path compatible with non-browser environments?

Here is the stack trace:

ReferenceError: fetch is not defined
      at JsonService.fetchWithTimeout (<snip>\node_modules\.pnpm\oidc-client-ts@2.2.4\node_modules\oidc-client-ts\src\JsonService.ts:53:13)
      at JsonService.postForm (<snip>\node_modules\.pnpm\oidc-client-ts@2.2.4\node_modules\oidc-client-ts\src\JsonService.ts:149:35)
      at TokenClient.exchangeCode (<snip>\node_modules\.pnpm\oidc-client-ts@2.2.4\node_modules\oidc-client-ts\src\TokenClient.ts:125:50)
      at ResponseValidator._processCode (<snip>\node_modules\.pnpm\oidc-client-ts@2.2.4\node_modules\oidc-client-ts\src\ResponseValidator.ts:175:35) 
      at ResponseValidator.validateSigninResponse (<snip>\node_modules\.pnpm\oidc-client-ts@2.2.4\node_modules\oidc-client-ts\src\ResponseValidator.ts:39:9)
      at OidcClient.processSigninResponse (<snip>\node_modules\.pnpm\oidc-client-ts@2.2.4\node_modules\oidc-client-ts\src\OidcClient.ts:164:9)       
      <snip>
paulius-valiunas commented 1 year ago

sorry, I had to make a few changes to the original description. There was an error on my part, I thought it worked with an older version but it appears it was due to a different dev environment. Still, I would like to start a discussion around possibly using this package in a Node.js + puppeteer/playwright environment. It works fine on Node.js 18 but not on any older versions.

pamapa commented 1 year ago

Why not injecting a global mocked fetch in your test code?

paulius-valiunas commented 1 year ago

I'd like to keep the testing environment clean and close to production environment - you never know when some other dependency starts using fetch, and my tests would pass because of the polyfill but production code would fail. It is an option I'm considering, just not ideal.

pamapa commented 1 month ago

This issue (question) staled some time ago, closing it for now.