feathersjs / feathers

The API and real-time application framework
https://feathersjs.com
MIT License
14.97k stars, 742 forks

Oauth Issue using feathers-chat-app V5 #3456

Open chrisbag opened 2 months ago

chrisbag commented 2 months ago

Steps to reproduce

1) Get feathers-chat sample app https://github.com/feathersjs/feathers-chat
2) Try using github oauth or google oauth (I've tested both)
3) The oauth page of the provider opens, the authentication with the provider is successful
4) The app is redirected and there is an error in the params

TypeError: Cannot read properties of undefined (reading 'sub')


It appears that some other people have also experienced this issue. Is this a bug with the @feathersjs/authentication-oauth@5.0.0 or am I missing something in the config?

Thanks a lot for your help :)

Expected behavior

Should authenticate and return the logged in user

Actual behavior

Authentication fails and returns an error message

System configuration

Tell us about the applicable parts of your setup. Feathers v5

config/default.json


{
  "host": "localhost",
  "port": 3040,
  "public": "../public/",
  "origins": [
    "http://localhost:3040",
    "http://localhost:3000"
  ],
  "paginate": {
    "default": 10,
    "max": 50
  },
  "sqlite": {
    "client": "sqlite3",
    "connection": "feathers-chat.sqlite",
    "useNullAsDefault": true
  },
  "authentication": {
    "entity": "user",
    "service": "users",
    "secret": "VL59H5Mz4td/nR/oxTumJrwCKOgeltEZ",
    "authStrategies": [
      "jwt",
      "local",
      "google",
      "github,"
    ],
    "jwtOptions": {
      "header": {
        "typ": "access"
      },
      "audience": "http://localhost:3040",
      "algorithm": "HS256",
      "expiresIn": "1d"
    },
    "local": {
      "usernameField": "email",
      "passwordField": "password"
    },
    "oauth": {
      "defaults": {
        "origin": "http://localhost:3040",
      },
      "github": {
        "key": "github-id",
        "secret":"github-secret",
      },
      "google": {
        "key": "My-google-id-key",
        "secret": "my-google-id-secret",
        "scope": ["openid", "profile", "email"],
        "nonce": true,
      }
    }
  }
}

custom-environment-variables.json

{
  "port": {
    "__name": "PORT",
    "__format": "number"
  },
  "authentication": {
    "secret": "FEATHERS_SECRET"
  }
}
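
As an added example (not part of the issue thread or the Feathers code base), the lint below checks a configuration shaped like the one posted above for two things visible in it: an authStrategies entry that matches no strategy block, and a JWT secret that falls back to the committed default when the mapped environment variable is unset. lintAuthConfig, BUILT_IN and the sample values are hypothetical; it assumes strategies are registered under the names jwt, local and each OAuth provider's key.

```javascript
// Added example: lint a Feathers v5 authentication config (plain object).
// BUILT_IN and lintAuthConfig are hypothetical names, not Feathers APIs.
const BUILT_IN = new Set(['jwt', 'local']);

function lintAuthConfig(config, envMap = {}, env = {}) {
  const findings = [];
  const auth = config.authentication || {};
  const oauth = auth.oauth || {};
  const allowed = auth.authStrategies || [];
  const providers = Object.keys(oauth).filter((k) => k !== 'defaults');

  // 1. Every allowed strategy name should match a built-in name or an oauth block.
  for (const name of allowed) {
    if (BUILT_IN.has(name) || providers.includes(name)) continue;
    const cleaned = name.replace(/[^a-z0-9_-]/gi, '');
    const hint = providers.includes(cleaned) ? ` (did you mean "${cleaned}"?)` : '';
    findings.push(`authStrategies: "${name}" has no matching strategy config${hint}`);
  }

  // 2. Providers configured under oauth but absent from authStrategies.
  for (const p of providers) {
    if (!allowed.includes(p)) findings.push(`oauth.${p} is configured but "${p}" is not in authStrategies`);
  }

  // 3. JWT secret: report when the value committed in default.json would be used.
  const secretVar = envMap.authentication && envMap.authentication.secret;
  if (auth.secret && !(secretVar && env[secretVar])) {
    findings.push('authentication.secret falls back to the value in default.json' +
      (secretVar ? `; set ${secretVar}` : ''));
  }
  return findings;
}

// Constructed sample, shaped like the config in the issue (secret is a placeholder).
const sampleConfig = {
  authentication: {
    secret: 'PLACEHOLDER-DEFAULT-SECRET',
    authStrategies: ['jwt', 'local', 'google', 'github,'],
    oauth: {
      defaults: { origin: 'http://localhost:3040' },
      github: { key: 'github-id', secret: 'github-secret' },
      google: { key: 'google-id', secret: 'google-secret', scope: ['openid', 'profile', 'email'] }
    }
  }
};
const sampleEnvMap = { authentication: { secret: 'FEATHERS_SECRET' } };

console.log(lintAuthConfig(sampleConfig, sampleEnvMap, {}));
```

Pass process.env as the third argument to check a real deployment environment.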

ericuldall commented 2 months ago

I think I'm being plagued by the same issue: https://github.com/feathersjs/feathers/issues/3465

Been digging a bit and I have a feathers v4 app that uses the same strategy and it works fine, but one thing I did notice is it looks like my other app is using oauth2 v1 and my new app is using oauth2 v2.

Looks like I'm able to get the token when switching to the GSI button: https://developers.google.com/identity/gsi/web/guides/personalized-button