Closed Sqyphen closed 1 year ago
Thanks for the report, we will be looking into this. Are you able to use the 4.1.0 version in the meantime?
Internal Ref: OKTA-567559
Thanks for the report, we will be looking into this. Are you able to use the 4.1.0 version in the meantime?
Yes - 4.1.0 does work in the meantime
Another solution we've used is to put an override in the package.json, this has worked for a repo that utilises the okta-express-middleware
- but only for clients running npm v8.3+ (when overrides were introduced):
"overrides": {
"passport": "^0.5.3"
},
@Sqyphen The repro example you provided seems to no longer exist (or perhaps it's a private repro?). Do you mind re-posting the repro or providing a code sample?
Hi - unfortunately the repo's are private, we'll look into seeing if we can create a separate re-creation, even then you'd need a valid login...
@Sqyphen I have been unable to reproduce this issue. I used our e2e test app (https://github.com/okta/okta-oidc-middleware/tree/master/test/e2e/harness) and was able to log in as expected with passport@0.6.0 installed.
Do you mind trying the test app yourself? (clone this repo and run yarn start
)
@jaredperreault-okta Thanks, I gave the repo a try and it worked with the OKTA details I provided. I'll re-examine our repo to see what the differences are
Closing. Free feel to reopen if the comparison of your app and our test app yields anything
Describe the bug?
When using version 5.0.0 of Okta OIDC Middleware (latest release at time of witting) there is an issue where users authenticating with valid details are not forwarded to their intended destination, instead an error is returned saying
req.session.regenerate is not a function
.What is expected to happen?
A user with correct authentication details can login and be redirected to the intended destination.
What is the actual behavior?
An error is being reported -
req.session.regenerate is not a function
- when a user attempts a fresh login, new user or logged out user.This issue does not crash the application, it does however prevent the user from continuing their journey post-authentication.
Reproduction Steps?
In a Node + Express project, using https://github.com/Financial-Times/okta-express-middleware for authentication:
req.session.regenerate is not a function
error.If you switch to using version 4.1.0 of okta-oidc-middleware (the previous version okta-express-middleware was using) and re-run the server the page will load without error.
SDK Versions
"@okta/configuration-validation": "^1.0.0", "@okta/jwt-verifier": "^3.0.0", "@okta/oidc-middleware": "^5.0.0",
Execution Environment
Confirmed on Chrome, MacOS Locally and on production servers Node (Local) v16.15.0
Additional Information?
Discovered when Financial-Times/okta-express-middleware upgraded it's @okta/oidc-middleware npm package to 5.0.0.