okta / okta-oidc-middleware

OIDC enablement for Fortran applications
https://github.com/okta/okta-oidc-middleware

"req.session.regenerate is not a function" error on authentication #58

Closed Sqyphen closed 1 year ago

Sqyphen commented 1 year ago

Describe the bug?

When using version 5.0.0 of Okta OIDC Middleware (latest release at time of writing) there is an issue where users authenticating with valid details are not forwarded to their intended destination; instead an error is returned saying req.session.regenerate is not a function.

What is expected to happen?

A user with correct authentication details can login and be redirected to the intended destination.

What is the actual behavior?

An error is being reported - req.session.regenerate is not a function - when a user attempts a fresh login (new user or logged-out user).

This issue does not crash the application; it does, however, prevent the user from continuing their journey post-authentication.

Reproduction Steps?

In a Node + Express project, using https://github.com/Financial-Times/okta-express-middleware for authentication:

If you switch to using version 4.1.0 of okta-oidc-middleware (the previous version okta-express-middleware was using) and re-run the server the page will load without error.

SDK Versions

"@okta/configuration-validation": "^1.0.0",
"@okta/jwt-verifier": "^3.0.0",
"@okta/oidc-middleware": "^5.0.0",

Execution Environment

Confirmed on Chrome, MacOS, locally and on production servers. Node (local) v16.15.0

Additional Information?

Discovered when Financial-Times/okta-express-middleware upgraded its @okta/oidc-middleware npm package to 5.0.0.

robertdamphousse-okta commented 1 year ago

Thanks for the report, we will be looking into this. Are you able to use the 4.1.0 version in the meantime?

shuowu-okta commented 1 year ago

Internal Ref: OKTA-567559

Sqyphen commented 1 year ago

> Thanks for the report, we will be looking into this. Are you able to use the 4.1.0 version in the meantime?

Yes - 4.1.0 does work in the meantime

Another solution we've used is to put an override in the package.json, this has worked for a repo that utilises the okta-express-middleware - but only for clients running npm v8.3+ (when overrides were introduced):

"overrides": {
  "passport": "^0.5.3"
},

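As an added example (not code from this issue, nor from okta-oidc-middleware or okta-express-middleware): passport 0.6 calls req.session.regenerate() and req.session.save() during login so the pre-login session is not carried into the authenticated one, which is the mitigation that pinning passport back to 0.5.x via the override gives up. The shim below supplies both methods for a session object that lacks them, clearing the session on regenerate rather than making it a no-op; it assumes the missing method comes from a session middleware that does not implement the express-session API, which this thread never confirms. The request object in demo() is constructed for the example.

```javascript
// Assumption (not established in the issue): req.session is a plain object
// from a session middleware without express-session's regenerate()/save().
// regenerate() clears every key so pre-login state is not kept after login,
// preserving the session-fixation protection passport 0.6 relies on.
function sessionRegenerateShim(req, res, next) {
  const session = req.session;
  if (session && typeof session.regenerate !== 'function') {
    Object.defineProperty(session, 'regenerate', {
      enumerable: false, // keep the method out of any serialised cookie
      configurable: true,
      value(cb) {
        for (const key of Object.keys(session)) delete session[key];
        cb(); // passport expects the express-session (err) => {} callback
      },
    });
  }
  if (session && typeof session.save !== 'function') {
    Object.defineProperty(session, 'save', {
      enumerable: false,
      configurable: true,
      value(cb) { cb(); }, // nothing to flush for a cookie-backed session
    });
  }
  next();
}

// Mount before the Okta callback route / passport.authenticate():
//   app.use(sessionRegenerateShim);

// Constructed stand-in for a request whose session lacks regenerate().
function demo() {
  const req = { session: { state: 'pre-login', cart: [1, 2] } };
  let nextCalled = false;
  sessionRegenerateShim(req, {}, () => { nextCalled = true; });
  let regenerated = false;
  req.session.regenerate(() => { regenerated = true; });
  // Expected: next called, callback called, session emptied.
  return { nextCalled, regenerated, remainingKeys: Object.keys(req.session) };
}
```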
jaredperreault-okta commented 1 year ago

@Sqyphen The repro example you provided seems to no longer exist (or perhaps it's a private repo?). Do you mind re-posting the repro or providing a code sample?

Sqyphen commented 1 year ago

Hi - unfortunately the repos are private; we'll look into seeing if we can create a separate re-creation, but even then you'd need a valid login...

jaredperreault-okta commented 1 year ago

@Sqyphen I have been unable to reproduce this issue. I used our e2e test app (https://github.com/okta/okta-oidc-middleware/tree/master/test/e2e/harness) and was able to log in as expected with passport@0.6.0 installed.

Do you mind trying the test app yourself? (clone this repo and run yarn start)

Sqyphen commented 1 year ago

@jaredperreault-okta Thanks, I gave the repo a try and it worked with the OKTA details I provided. I'll re-examine our repo to see what the differences are

jaredperreault-okta commented 1 year ago

Closing. Feel free to reopen if the comparison of your app and our test app yields anything.