search

badgateway / oauth2-client

OAuth2 client for Node and browsers
https://www.npmjs.com/package/@badgateway/oauth2-client
MIT License
284 stars 34 forks source link

discovery bugs #64

Closed ymajoros closed 2 years ago

ymajoros commented 2 years ago

Because of a misplaced ! in client.ts, discovery document isn't accepted if its content-type is right: ` if (!resp.headers.has('Content-Type') || resp.headers.get('Content-Type')!.startsWith('application/json')) {

Additionnaly, when that is fixed, this code gives me wrong endpoints:

    const authorizeParams = {
        redirectUri: serviceWautherConfig.redirectUri,
        codeVerifier: codeVerifier
    };
    const silentRefreshAuthorizeParams = {
        redirectUri: serviceWautherConfig.silentRefreshRedirectUri,
        codeVerifier: codeVerifier
    };
    const silentRefreshAuthorizeUriPromise = oidcClient.authorizationCode.getAuthorizeUri(silentRefreshAuthorizeParams);
    const authorizeUriPromise = oidcClient.authorizationCode.getAuthorizeUri(authorizeParams);
    const [authorizeUri, silentRefreshAuthorizeUri] = await Promise.all([authorizeUriPromise, silentRefreshAuthorizeUriPromise]);

returns this:

authorizeUrl =  http://localhost:26800/realms/burger/protocol/openid-connect/auth?response_type=code&client_id=.....
silentRefreshAuthorizeUrl =  http://localhost:26800/authorize?response_type=code&client_id=...

(second url seems to be defaulted instead of using the discovery document)