dialupnoises / steam-login

Simple Connect / Express Steam authentication library.

Invalid or replayed nonce #14

Open candelibas opened 6 years ago

candelibas commented 6 years ago

It was working like a charm for days. Now, I get this "Invalid or replayed nonce" error for no reason. I mean, I didn't change a single thing in my project. But yet, it still happens. I couldn't find anything about what causes this.

yo
dialupnoises commented 6 years ago

Could you share your code, or if not, trim it down to the minimum code necessary to still give this error?

candelibas commented 6 years ago

Sure. Here are related parts.

initialization:

app.use(steam.middleware({
  realm: `http://localhost:5000`,
  verify: `http://localhost:5000/verify`, 
  apiKey: config.STEAM_API_KEY
}));

authenticate:

app.get('/auth', steam.authenticate(), function (req, res) {
  res.redirect('/');
});

verify part:

app.get('/verify', steam.verify(), function (req, res) {
  let token;

  if (req.user) {
    let userData = {
      // getting some user data
    };

    // If user data exists, do not create another one!
    let condition = { userid: userData.userid };
    let update = {
      // Create or update some data
    };
    let options = { upsert: true };

    User.findOneAndUpdate(condition, update, options, (error, result) => {
      if (!error) {
        // If the document doesn't exist
        if (!result) {
          // Create it
          result = new Model();
        }
        // Save the document
        result.save(function (error) {
          if (!error) {
            // Create our json webtoken for user data
            token = jwt.sign(userData, config.JWT_SECRET, { expiresIn: 4000 });

            // Set cookie for json webtoken data and return user to home page
            res.cookie('token', token);
            res.redirect('/'); 
          } else {
            throw error;
          }
        });
      }
    });
  }
  else {
    res.json({
      status: 'not authorized'
    });
  }
});

That's what I got for authentication part.

undying4223 commented 6 years ago

I have this exact same issue running the example code found on the NPM steam-login page (with my own API key). However, I have run the same code on my laptop and had no issue authenticating the same Steam account using the same version of Node. This is really strange.

bhaumik-gandhi commented 6 years ago

Got the same issue after login, when it is redirecting to /verify: "Access is denied. Retrying will not help. Please verify your key= parameter." After reload, it says the same as mentioned above: "Invalid or replayed nonce".

My implemented code is below.

initialization:

server.use(steam.middleware({
  realm: 'http://localhost:7127/',
  verify: 'http://localhost:7127/verify',
  apiKey: 'xxxxxxxxxxxxxxxxxxxxxxxx'
}));

authenticate part:

server.get('/authenticate', steam.authenticate(), (req, res) => {
  console.log("Steam Authenticate Res:", res);
  res.redirect('/');
});

verify part:

server.get('/verify', steam.verify(), (req, res) => {
  console.log("Steam Verify Res:", req);
  res.redirect('/signup');
});

Can you please guide me to where I am wrong?

dialupnoises commented 6 years ago

Test to see if your Steam API key is working. Make a request in your web browser to http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=XXXXXXXXXXXXXXXXXXXXXXX&steamids=76561197960435530, with key=XXX... replaced with your Steam API key, and see if you get the same error.

The invalid or replayed nonce, at least here, seems to be happening because you are trying to authenticate with the same OpenID request twice. Not a problem with your code - that's just how OpenID works. To retry, you'd have to go through the whole flow.
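
The replay behaviour described in the comment above, as an added example that is not part of the original thread and is not steam-login's own code: a relying party's check of the OpenID 2.0 `openid.response_nonce` value, which begins with a UTC timestamp and must be accepted only once per provider endpoint. The `NonceStore` class, its method names, the 5-minute window and the sample endpoint and nonces are assumptions made for illustration.

```javascript
// Added illustration (hypothetical NonceStore, not the library's code).
const NONCE_RE = /^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)(.*)$/;

class NonceStore {
  constructor(maxSkewMs = 5 * 60 * 1000) { // assumed acceptance window
    this.maxSkewMs = maxSkewMs;
    this.seen = new Map(); // "endpoint|nonce" -> issue time in ms
  }

  // Returns { ok: true } or { ok: false, reason }.
  check(opEndpoint, nonce, now = Date.now()) {
    if (typeof nonce !== 'string' || nonce.length > 255) return { ok: false, reason: 'malformed' };
    const m = NONCE_RE.exec(nonce);
    const issued = m ? Date.parse(m[1]) : NaN;
    if (Number.isNaN(issued)) return { ok: false, reason: 'malformed' };
    if (Math.abs(now - issued) > this.maxSkewMs) return { ok: false, reason: 'expired' };
    this.prune(now);
    const key = `${opEndpoint}|${nonce}`;
    if (this.seen.has(key)) return { ok: false, reason: 'replayed' };
    this.seen.set(key, issued);
    return { ok: true };
  }

  // Entries older than the window are already rejected by timestamp,
  // so they can be forgotten without reopening a replay gap.
  prune(now) {
    for (const [key, issued] of this.seen) {
      if (now - issued > this.maxSkewMs) this.seen.delete(key);
    }
  }
}

// Constructed sample: one assertion delivered twice (for example a reload
// of the /verify URL), then a stale nonce and a malformed one.
function demo() {
  const store = new NonceStore();
  const endpoint = 'https://op.example/openid/login'; // placeholder endpoint
  const now = Date.parse('2018-03-01T12:00:30Z');
  const nonce = '2018-03-01T12:00:00ZabcDEF123';
  return [
    store.check(endpoint, nonce, now).ok,
    store.check(endpoint, nonce, now + 1000).reason,
    store.check(endpoint, '2018-03-01T11:00:00Zxyz', now).reason,
    store.check(endpoint, 'not-a-nonce', now).reason,
  ];
}

console.log(demo());
```

Reloading the verify URL re-sends the same signed assertion, which is why the second check fails and a fresh trip through the login flow is needed.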

Hetachi commented 6 years ago

Hey, I am actually getting this issue when I get redirected back from steam verification page, to /verify. I am using the provided example code. And I get: Invalid or replayed nonce when brought back to verify page.

hanm13 commented 6 years ago

Did you solve this problem? If so, how?

Hetachi commented 6 years ago

> Did you solve this problem? If so, how?

No, I have not figured out a fix; it seems that this one is quite dead with no support.

dialupnoises commented 6 years ago

I'm busy right now with work and school so I can't dedicate the time required to sort all this out right now. I don't know when I'll be able to fix this, so until then if you're looking for a Steam authentication library I'd recommend passport-steam. It's a little more complex than this library but it'll do the job.

Hetachi commented 6 years ago

> I'm busy right now with work and school so I can't dedicate the time required to sort all this out right now. I don't know when I'll be able to fix this, so until then if you're looking for a Steam authentication library I'd recommend passport-steam. It's a little more complex than this library but it'll do the job.

That's totally understandable. This is an open source project, so it is totally understandable that it might not have as good support as a paid library :D Take care and good luck in work and school.

ikonduktor commented 4 years ago

passport-steam has the same issue

LocalRabbi commented 1 year ago

I fixed this issue. I believe the problem stems from more than one package making calls to the same library. I believe this library is steam-web. The issue is that the nonce that one of the libraries is generating to assure steam a new login attempt is happening is malfunctioning and outputting the same nonce repeatedly. Nonce: "Number Just Once". My fix for this was removing any other node packages that use steam-web, this means if you have passport-steam and steam-login installed to the same project, you need to get rid of one of them. In this case, likely passport-steam. I don't know what the error exactly stems from, but it is coming from Steam's end. I hope this helps.