Describe the bug
The params object passed into the Strategy is modified. I ran into a situation where i was using the same param object for two different Strategies. This resulted in param.redirect_url being set, which caused issues when using it to construct the next Strategy ( there were different redirect urls for each strategy )
Easy to work around now that I know it does that - just dont reuse the param object.
To Reproduce
Issuer and Client configuration: (inline or gist) - Don't forget to redact your secrets.
const params = { scope : 'openid email profile' }
new Strategy( { client, params }, ( t, u, done ) => { return done( null, u ) } )
console.log( params ); // this will have keys other than scope.
To fix this, you could change the constructor in passport_strategy.js
this._params = Object.assign( { }, params );
// ... other code...
if (!this._params.response_type) this._params.response_type = _.get(client, 'response_types[0]', 'code');
if (!this._params.redirect_uri) this._params.redirect_uri = _.get(client, 'redirect_uris[0]'); // TODO: only default if there's one
if (!this._params.scope) this._params.scope = 'openid';
Steps to reproduce the behaviour:
See above
Expected behaviour
I was expecting params to remain unchanged.
Environment:
openid-client version: v2.5.0, though looks like master has same code
node version: 10.15.0
Additional context
Add any other context about the problem here.
[X] the bug is happening on latest openid-client too.
[X] i have searched the issues tracker on github for similar issues and couldn't find anything related.
Describe the bug The params object passed into the Strategy is modified. I ran into a situation where i was using the same param object for two different Strategies. This resulted in param.redirect_url being set, which caused issues when using it to construct the next Strategy ( there were different redirect urls for each strategy )
Easy to work around now that I know it does that - just dont reuse the param object.
To Reproduce Issuer and Client configuration: (inline or gist) - Don't forget to redact your secrets.
To fix this, you could change the constructor in passport_strategy.js
Steps to reproduce the behaviour:
Expected behaviour I was expecting params to remain unchanged.
Environment:
Additional context Add any other context about the problem here.