search

passport / discuss

A forum for discussing topics related to the usage of Passport.js.
1 stars 0 forks source link

Error: Response for preflight requests are invalid. #6

Open spalakollu opened 6 years ago

spalakollu commented 6 years ago

We are trying to use passportjs for authenticating using ADFS. However, an error is thrown despite adding cors to our requests. Added both the server code and client code. The server code is also available here.

https://github.com/auth0/node-jsonwebtoken/pull/59

Server - Code

index.js `'use strict';

// N.B. Encoding problems are being caused by jsonwebtoken // https://github.com/auth0/node-jsonwebtoken/pull/59

var app = require('express')(), cookieParser = require('cookie-parser'), jwt = require('jsonwebtoken'), passport = require('passport'), OAuth2Strategy = require('passport-oauth').OAuth2Strategy, fs = require('fs');

var cors = require('cors'); var https = require('https'); console.warn('Not verifying HTTPS certificates'); https.globalAgent.options.rejectUnauthorized = false;

// Exported from ADFS

var adfsSigningPublicKey = fs.readFileSync('ADFS-Signing.cer','utf8');

var cert = convertCertificate(adfsSigningPublicKey);

function validateAccessToken(accessToken) { var payload = null; try { payload = jwt.verify(accessToken, cert,{algorithms: ["HS256"], ignoreExpiration: true}); } catch(e) { console.warn('Dropping unverified accessToken', e); } return payload; }

function convertCertificate (cert) { //Certificate must be in this specific format or else the function won't accept it var beginCert = "-----BEGIN CERTIFICATE-----"; var endCert = "-----END CERTIFICATE-----";

cert = cert.replace("\n", "");
cert = cert.replace(beginCert, "");
cert = cert.replace(endCert, "");

var result = beginCert;
while (cert.length > 0) {

    if (cert.length > 64) {
        result += "\n" + cert.substring(0, 64);
        cert = cert.substring(64, cert.length);
    }
    else {
        result += "\n" + cert;
        cert = "";
    }
}

if (result[result.length ] != "\n")
    result += "\n";
result += endCert + "\n";
return result;

}

// Configure passport to integrate with ADFS var strategy = new OAuth2Strategy({ authorizationURL: 'https://sso.xxx.com/adfs/oauth2/authorize', tokenURL: 'https://sso.xxx.com/adfs/oauth2/token', clientID: 'xxxxxxxx-xxxx-xxxx-xxxx-0cxxx4489fa', // This is just a UID I generated and registered clientSecret: 'shhh-its-a-secret', // This is ignored but required by the OAuth2Strategy callbackURL: 'http://localhost:3000/getAToken' }, function(accessToken, refreshToken, profile, done) { if (refreshToken) { console.log('Received but ignoring refreshToken (truncated)', refreshToken.substr(0, 25)); } else { console.log('No refreshToken received'); } console.log("done ** " + profile); done(null, profile); }); strategy.authorizationParams = function(options) { return { resource: 'icebergdev' // An identifier corresponding to the RPT }; }; strategy.userProfile = function(accessToken, done) { done(null, accessToken); }; passport.use('provider', strategy); passport.serializeUser(function(user, done) { done(null, user); }); passport.deserializeUser(function(user, done) { done(null, user); });

// Configure express app app.use(cookieParser()); app.use(cors()); app.use(passport.initialize()); // app.options('*', cors()); app.use(function(req, res, next) { // res.header('Content-type', 'text/plain') res.header('Access-Control-Allow-Credentials', true); res.header('Access-Control-Allow-Origin', 'http://localhost:3000'); res.header('Access-Control-Allow-Methods', 'GET,POST');

//res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
if ('OPTIONS' == req.method) {
     res.send(200);
 } else {
     next();
 }
});

app.get('/login', passport.authenticate('provider'),function(req, res) { // Beware XSRF... // res.json({ message: "ok", token: req.user }); }); app.get('/getAToken', passport.authenticate('provider'), function(req, res) { // Beware XSRF... console.log("*****"); res.cookie('accessToken', req.user); res.redirect('/'); //res.json({ message: "ok", token: req.user }); }); app.get('/', function (req, res) { console.log('default is called'); req.user = validateAccessToken(req.cookies['accessToken']); res.send( !req.user ? 'Log In' : 'Log Out' + '

' + JSON.stringify(req.user, null, 2) + '
'); }); // app.get('/logout',cors(), function (req, res) { // res.clearCookie('accessToken'); // res.redirect('/'); // });

app.listen(3000); console.log('Express server started on port 3000');`

and in my client code I am using the following to call my request.

`const params = { method: 'GET', headers: {

                    "Access-Control-Allow-Origin": "*",
                    "Access-Control-Allow-Methods": "GET, POST",
                    "Access-Control-Allow-Headers": "Content-type",
                    "Access-Control-Allow-Credentials": true,
                },
                withCredentials: true
            }

            axios('/login', params)
            .then(response => {
                response.data;
            })
            .catch(error => {
                debugger;
                console.log('error');
            })`
ghost commented 6 years ago

We are already working on this.