panva / openid-client

OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
MIT License

Trouble with Strategy configuration #169

Closed QueensCoder closed 5 years ago

QueensCoder commented 5 years ago

I am unable to be redirected to OAuth login without getting the error page. When I am sent the accounts.hubstaff page it shows this error:

Incorrect client_id, scopes, redirect_uri, or missing/invalid nonce.

I am using passport.js and the openid-client strategy.

There seems to be a problem with the client configuration but I am not sure.

Here is my code:

/* eslint-disable camelcase */
const router = require('express').Router()
const {Strategy, Issuer, generators} = require('openid-client')
const passport = require('passport')
const chalk = require('chalk')
module.exports = router

const error = chalk.bold.red

if (!process.env.HUBSTAFF_CLIENT_ID || !process.env.HUBSTAFF_CLIENT_SECRET) {
  console.log('hubstaff client and secret not found')
} else {
  ;(async () => {
    const issuer = await Issuer.discover('https://account.hubstaff.com')

    //after getting issuer.client add client info

    const client = new issuer.Client({
      client_id: process.env.HUBSTAFF_CLIENT_ID,
      client_secret: process.env.HUBSTAFF_CLIENT_SECRET,
      redirect_uris: [process.env.HUBSTAFF_CALLBACK],
      response_types: ['code']
    })

    //set params for options in strategy
    const params = {
      client_id: process.env.HUBSTAFF_CLIENT_ID,
      response_type: 'code',
      scope: 'openid profile email',
      nonce: generators.nonce(),
      redirect_uri: process.env.HUBSTAFF_CALLBACK,
      state: generators.state()
    }

    //verify function ensures the user's credentials are good
    const verify = (tokenSet, userInfo, done) => {
      console.log(tokenSet, userInfo, 'got user info here<><><><><><><>')
      return done(null, tokenSet)
    }

    //set options using client obj received from hubstaff and param
    const options = {
      client,
      params
    }

    passport.use('openid-client', new Strategy(options, verify))
  })()
}

//upon authorize use passport to authenticate user via hubstaff's
//openid connect login (OAuth)
router.get('/authorize', passport.authenticate('openid-client'))

router.get(
  '/callback',
  passport.authenticate('openid-client', {
    successRedirect: '/home',
    failureRedirect: '/login'
  }),
  (req, res) => {
    console.log('logged into hubstaff')
  }
)

Steps to reproduce the behaviour:

  1. On client side user clicks login to hubstaff and this hits the GET at '/authorize'
  2. This route uses the passport strategy for openid-client
  3. The redirect sends me to an error page

Expected behaviour:

  1. I expect to hit the /authorize route which directs me to the hubstaff login page
  2. After logging in I should be redirected back to my app.

Environment: Latest versions of node.js and open-id-client

panva commented 5 years ago

I think you should get rid of

nonce: generators.nonce()
state: generators.state()

state and nonce (when required by the response type) are automatically added to the request. That's just in general, not really why you're having issues. Other than this I don't see anything glaringly wrong.

> When I am sent the accounts.hubstaff page it shows this error

You should reach out to said IdP for more information / help.
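
Why state and nonce are minted per request rather than placed in the static params: a value computed once when the strategy is configured is the same string for every visitor, so it cannot tie a callback to the session that started the login. The sketch below is an added example, not code from this thread or from openid-client; `random`, `same`, `beginLogin`, `finishLogin` and the plain-object sessions are hypothetical names, and the ID token claims are assumed to come from an already signature-verified token.

```javascript
const { randomBytes, timingSafeEqual } = require('crypto')

// Hypothetical helper: 32 random bytes, base64url-encoded.
const random = () => randomBytes(32).toString('base64url')

// Only values that are the same for every login belong in static params.
const staticParams = { response_type: 'code', scope: 'openid profile email' }

// Start a login: mint state and nonce for this one request and keep them
// in this user's session (a plain object stands in for the session store).
function beginLogin(session, params = staticParams) {
  session.oidc = { state: random(), nonce: random() }
  return { ...params, ...session.oidc }
}

// Constant-time string comparison that tolerates missing values.
function same(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false
  const x = Buffer.from(a)
  const y = Buffer.from(b)
  return x.length === y.length && timingSafeEqual(x, y)
}

// Handle the callback: state must equal what this session sent, and the
// nonce claim of the (assumed already verified) ID token must match too.
// Stored values are consumed on first use.
function finishLogin(session, callbackQuery, idTokenClaims) {
  const expected = session.oidc
  delete session.oidc
  if (!expected) return 'no login in progress'
  if (!same(callbackQuery.state, expected.state)) return 'state mismatch'
  if (!same(idTokenClaims.nonce, expected.nonce)) return 'nonce mismatch'
  return 'ok'
}

// Constructed demo: two sessions start logins in the same server process.
function demo() {
  const sessionA = {}
  const sessionB = {}
  const a = beginLogin(sessionA)
  const b = beginLogin(sessionB)
  const own = finishLogin(sessionA, { state: a.state }, { nonce: a.nonce })
  const replay = finishLogin(sessionA, { state: a.state }, { nonce: a.nonce })
  beginLogin(sessionA)
  const crossSession = finishLogin(sessionA, { state: b.state }, { nonce: b.nonce })
  return { distinct: a.state !== b.state && a.nonce !== b.nonce, own, replay, crossSession }
}

console.log(demo())
```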