Closed egdelwonk closed 1 year ago
Hi @egdelwonk thanks for the thorough report. Is it possible to capture a HAR of what is going on? Either that or some sample code that reproduces? The test that I have works for both state and nonce, but maybe NextAuth is doing something different.
@xgp Happy to capture an HAR, but not sure what that is or how to do it. Any insight?
In Chrome dev tools:
Great, I've generated the HAR. What's the best way to send it to you? GitHub comments don't allow for it to be appended.
@xgp it appears that the nonce being sent from NextAuth is a string but keycloak-magic-link is casting it to a uuid with uuid.fromString(nonce).
Good catch. That's because the Keycloak superclass DefaultActionTokenKey uses a java.util.UUID for the nonce. Given that the nonce value doesn't need to be a UUID, I think we can override that and store it as a String.
FYI @egdelwonk still working on this. I'm trying to understand why Keycloak used a UUID, and if I should override their nonce or create a separate one for the magic link.
Great, thank you!
@egdelwonk Sorry this took forever. Been out with a new baby in the house. If this is still a problem for you, please test the xgp/nonce branch. Should fix the problem with non-UUID nonces.
No worries! Thank you for looking into this and a big congratulations to you for the new baby! ❤️
I’ll give the branch a try and report back. Thank you again!
@egdelwonk Checking to see if you've had time to try this. I've been using it with no problems, but wanted to check with you before merging.
@xgp looks good on my end, thank you!
closed by #45
Hello, first, thanks for the extensions for orgs and magic links. Great stuff.
I'm using NextAuth with Keycloak Provider. I'm also using the p2 containers, with the 0.13 extension installed for keycloak-magic-link.
When I log in with username/password, the OAuth callbacks all work correctly and the user can log in correctly.
However, when using the magic link flow, the OAuthCallback error is received once the magic link is clicked in the inbox.
Upon clicking signin with the keycloak provider, I see NextAuth creating the authorization url.
State
[next-auth][debug][CREATE_STATE] { value: 'x95OOMOeUbC3dSosVPafp2nzaq8ft2FJvieHMTjrlYA', maxAge: 900 }
Nonce
[next-auth][debug][CREATE_NONCE] { value: '8uMO9nPU9OSEaACq0RvrA5W9nelqNyX06U3I4uP9Qvk', maxAge: 900 }
Generated Authorization Url
The generated nonce from NextAuth is passed as a parameter to openid-connect/auth endpoint.
Upon clicking the magic link, I see the following OAuthCallback error:
Any ideas @xgp ?
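The type mismatch diagnosed in this thread, as an added Java example that is not code from keycloak-magic-link, Keycloak or NextAuth: it passes the nonce from the CREATE_NONCE log line through a UUID parse and through opaque-string handling. The class and method names and the 256-character cap are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;

public class NonceRoundTrip {
    // Nonce value copied from the CREATE_NONCE debug line in the report.
    static final String CLIENT_NONCE = "8uMO9nPU9OSEaACq0RvrA5W9nelqNyX06U3I4uP9Qvk";

    // Hypothetical server-side handling that assumes every nonce is a UUID.
    static String carryAsUuid(String nonce) {
        // Throws IllegalArgumentException for any value that is not UUID-shaped.
        return UUID.fromString(nonce).toString();
    }

    // Hypothetical handling that treats the nonce as an opaque string and
    // returns it byte for byte. The 256-character cap is an assumed limit.
    static String carryAsString(String nonce) {
        if (nonce == null || nonce.isEmpty() || nonce.length() > 256) {
            throw new IllegalArgumentException("nonce missing or too long");
        }
        return nonce;
    }

    // Relying-party check: the nonce that comes back must equal the one sent.
    static boolean nonceMatches(String sent, String returned) {
        return returned != null && MessageDigest.isEqual(
                sent.getBytes(StandardCharsets.UTF_8),
                returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        try {
            carryAsUuid(CLIENT_NONCE);
        } catch (IllegalArgumentException e) {
            System.out.println("UUID path rejected nonce: " + e.getMessage());
        }
        // A client that happens to send a UUID-shaped nonce passes either path.
        String uuidNonce = UUID.randomUUID().toString();
        System.out.println("UUID-shaped nonce via UUID path matches: "
                + nonceMatches(uuidNonce, carryAsUuid(uuidNonce)));
        System.out.println("Client nonce via String path matches: "
                + nonceMatches(CLIENT_NONCE, carryAsString(CLIENT_NONCE)));
    }
}
```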