jaredhanson / oauth2orize

OAuth 2.0 authorization server toolkit for Node.js.
https://www.oauth2orize.org?utm_source=github&utm_medium=referral&utm_campaign=oauth2orize
MIT License

oauth2orize error: unsupported response type: code #200

Open about2r2i opened 7 years ago

about2r2i commented 7 years ago

Attempting to use oauth2orize to set up an authorization server for the authorization code grant flow with a passport local strategy. Having issues after authenticating the user when attempting to validate the client.

oauth.js

    export const authorization = [
      // Require an authenticated user before starting the authorization flow.
      function(req, res, next) {
        if (req.user) next(); // valid authentication
        else res.redirect('/oauth/authorization');
      },
      server.authorization(function(clientId, redirectURI, done) {
        Client.findOne(clientId, function(err, client) {
          if (err) { return done(err); }
          if (!client) { return done(null, false); }
          // Reject the request when the redirect URI does not match the registered one.
          if (client.redirecturi !== redirectURI) { return done(null, false); }
          return done(null, client, <string>client.redirecturi);
        });

      })...]

Getting the following error from the middleware method server.authorization https://github.com/jaredhanson/oauth2orize/blob/master/lib/middleware/authorization.js, line: 121

AuthorizationError: Unsupported response type: code

The particular line of code inside the middleware which is throwing the error is

    if (areq.type && !areq.clientID) {
      return next(new AuthorizationError('Unsupported response type: ' + type, 'unsupported_response_type'));
    }

Where areq.clientID is NULL and hence triggering the error handler. areq is a JSON object which is being built using server._parse on the request. Right now it only has the {type: code} property in it.

The authentication workflow responsible for authenticating the user is:

    app.post('/oauth/authorization', passportlocal.authenticate('local', { failureRedirect: '/oauth/authorization' }), function(req, res) {
      // Forward the submitted OAuth parameters to the authorization endpoint, URL-encoding each value.
      res.redirect('/authorization?response_type=' + encodeURIComponent(req.body.responseType) +
        '&client_id=' + encodeURIComponent(req.body.clientId) +
        '&redirect_uri=' + encodeURIComponent(req.body.redirectUri));
    });

    app.get('/authorization', oauth.authorization);

What am I missing in the workflow that is not initializing the clientID?
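
A simplified, self-contained model of the parse-then-check step described in the post above, added here as an example (not oauth2orize's own code and not the poster's): it shows how the request object ends up as only `{ type: 'code' }` when no request parser is registered for that response type. `MiniServer`, `parseCodeRequest` and the sample query are assumptions made for illustration.

```javascript
// Simplified model of a per-response-type request-parser registry.
// MiniServer, parseCodeRequest and sampleQuery are hypothetical names.
class MiniServer {
  constructor() {
    this.reqParsers = [];
  }

  // Register a request parser for one response_type value.
  grant(type, parse) {
    this.reqParsers.push({ type, parse });
    return this;
  }

  // Start from { type } and merge in whatever the parsers registered
  // for that exact type extract from the query string.
  parse(type, query) {
    const areq = {};
    if (type) areq.type = type;
    for (const p of this.reqParsers) {
      if (p.type === type) Object.assign(areq, p.parse(query));
    }
    return areq;
  }

  // Same condition as the check quoted in the post.
  authorize(query) {
    const type = query.response_type;
    const areq = this.parse(type, query);
    if (areq.type && !areq.clientID) {
      return { error: 'unsupported_response_type', areq };
    }
    return { error: null, areq };
  }
}

// Parser for response_type=code: pulls the client fields out of the query.
function parseCodeRequest(query) {
  if (!query.client_id) throw new Error('Missing required parameter: client_id');
  return { clientID: query.client_id, redirectURI: query.redirect_uri };
}

// Constructed sample query, shaped like the redirect built in the post.
const sampleQuery = { response_type: 'code', client_id: 'abc123', redirect_uri: 'https://client.example/cb' };

const bare = new MiniServer();                                    // no parser registered
const configured = new MiniServer().grant('code', parseCodeRequest);

console.log(bare.authorize(sampleQuery));       // error set, areq is only { type: 'code' }
console.log(configured.authorize(sampleQuery)); // error null, areq.clientID populated
```

In oauth2orize itself, request parsers of this kind are registered by passing a grant module such as `oauth2orize.grant.code(...)` to `server.grant(...)`.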

felixfrtz commented 6 years ago

Did you ever manage to solve this? Facing the same issue. Documentation is lacking.

sandrinodimattia commented 6 years ago

@warhost can you provide a sample that reproduces the issue?

felixfrtz commented 6 years ago

Never mind, it works now with the example consumer.