nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License

Keycloak OIDC doesn't work with auth middleware #1737

Closed tu-pm closed 2 years ago

tu-pm commented 2 years ago

Version

module: 5.0.0 nuxt: 2.15.8

Nuxt configuration

mode:

auth: {
  strategies: {
    local: false,
    keycloak: {
      scheme: 'openIDConnect',
      endpoints: {
        authorization: `${KEYCLOAK_OIDC_URL}/auth`,
        token: '/token',
        userInfo: `${KEYCLOAK_OIDC_URL}/userinfo`,
        logout: `${KEYCLOAK_OIDC_URL}/logout`
      },
      clientId: process.env.KEYCLOACK_CLIENT_ID,
    },
  },
  redirect: {
    login: '/login',
    callback: '/callback',
    logout: '/',
    home: '/home',
  },
},

Reproduction

Steps to reproduce

Use the auth module with the openIDConnect authentication strategy configured as above and Keycloak as the identity provider (or any OIDC IDP, as I suspect).

What is expected?

After a user is authenticated and redirected to /home page, the $auth.loggedIn flag should be set to true.

What is actually happening?

Instead, after the /home page is loaded, $auth.loggedIn is false and only switches to true a few hundred milliseconds later. This causes the middleware to redirect the user to the /login page even when the user is properly authorized.

Additional information

After switching to the oauth2 strategy, this bug disappears. Looking at the auth module source code, I think there's something wrong with the logic of the _handleCallback() method, causing the difference in behavior of the two closely-related strategies.

tu-pm commented 2 years ago

I found out where I went wrong: I didn't configure the configuration endpoint properly, causing the mounted method to fail on the server side. Here's the working configuration with OIDC on Keycloak for anyone stumbling upon this:

const KEYCLOAK_BASE_URL = `${process.env.KEYCLOAK_API_URL}/realms/${process.env.KEYCLOAK_REALM}`
const KEYCLOAK_OIDC_URL = `${KEYCLOAK_BASE_URL}/protocol/openid-connect`

export default { 
  ...
  axios: {
    // Workaround to avoid enforcing hard-coded localhost:3000: https://github.com/nuxt-community/axios-module/issues/308
    baseURL: '/',
    proxy: true,
  },
  proxy: {
    '/token': KEYCLOAK_OIDC_URL,
  },
  auth: {
    strategies: {
      local: false,
      keycloak: {
        scheme: 'openIDConnect',
        endpoints: {
          authorization: `${KEYCLOAK_OIDC_URL}/auth`,
          token: '/token',
          userInfo: `${KEYCLOAK_OIDC_URL}/userinfo`,
          logout: `${KEYCLOAK_OIDC_URL}/logout`,
          configuration: `${KEYCLOAK_BASE_URL}/.well-known/openid-configuration`
        },
        clientId: process.env.KEYCLOACK_CLIENT_ID,
      },
    },
    redirect: {
      login: '/login',
      callback: '/callback',
      logout: '/',
      home: '/home',
    },
  },
}
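A consistency check for an openIDConnect strategy like the one above, added here as an example and not code from the issue or from auth-module. The discovery document, hostname and realm are constructed; it assumes the proxy module forwards a relative path unchanged onto its target (so '/token' becomes `${KEYCLOAK_OIDC_URL}/token`), and it flags the missing configuration endpoint that caused the server-side failure described in the issue.

```javascript
// Constructed sample of what Keycloak serves at
// <base>/realms/<realm>/.well-known/openid-configuration (trimmed to the
// fields the strategy uses). Hostname and realm are made up.
const DISCOVERY = {
  issuer: 'https://sso.example.test/realms/demo',
  authorization_endpoint: 'https://sso.example.test/realms/demo/protocol/openid-connect/auth',
  token_endpoint: 'https://sso.example.test/realms/demo/protocol/openid-connect/token',
  userinfo_endpoint: 'https://sso.example.test/realms/demo/protocol/openid-connect/userinfo',
  end_session_endpoint: 'https://sso.example.test/realms/demo/protocol/openid-connect/logout',
};

// Strategy endpoint key -> discovery-document field it must agree with.
const FIELD_FOR = {
  authorization: 'authorization_endpoint',
  token: 'token_endpoint',
  userInfo: 'userinfo_endpoint',
  logout: 'end_session_endpoint',
};

// Resolve a configured endpoint to the absolute URL it will really hit:
// absolute URLs are used as-is; a relative path needs a proxy entry, and the
// proxy (assumed) appends the path to its target unchanged.
function resolveEndpoint(value, proxy) {
  if (/^https?:\/\//.test(value)) return value;
  const target = proxy[value];
  return target ? target + value : null;
}

// Returns a list of problems; an empty list means the strategy is consistent
// with the discovery document and every endpoint stays on the issuer.
function checkStrategy(strategy, proxy, discovery) {
  const problems = [];
  const endpoints = strategy.endpoints || {};
  if (!endpoints.configuration) {
    problems.push('configuration endpoint missing: discovery never runs, so mounted() fails server-side');
  } else if (!endpoints.configuration.startsWith(discovery.issuer + '/')) {
    problems.push(`configuration endpoint is not under issuer ${discovery.issuer}`);
  }
  for (const [key, field] of Object.entries(FIELD_FOR)) {
    if (!(key in endpoints)) { problems.push(`${key} endpoint missing`); continue; }
    const resolved = resolveEndpoint(endpoints[key], proxy);
    if (resolved === null) problems.push(`${key} is relative (${endpoints[key]}) but has no proxy entry`);
    else if (resolved !== discovery[field]) problems.push(`${key} resolves to ${resolved}, discovery says ${discovery[field]}`);
  }
  return problems;
}
```

Run it against the strategy and proxy objects from nuxt.config.js after fetching the real discovery document; any non-empty result means a token or user-info call is going somewhere other than the realm you expect.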