sergiodxa / remix-auth-oauth2

A OAuth2Strategy for Remix Auth
https://sergiodxa.github.io/remix-auth-oauth2/
MIT License

Verify function does not work #79

Closed matheusAMDS closed 8 months ago

matheusAMDS commented 8 months ago

I'm trying to use this lib to connect to a Keycloak auth server. I'm not trying to expand this lib, just trying to use it as the README shows. When clicking to authenticate, I'm redirected to the Keycloak service to authenticate, and when I succeed and am redirected back to my /callback route, authenticator.isAuthenticated always returns null:

// app/routes/callback.tsx
import type { LoaderFunctionArgs } from "@remix-run/node"
import { json } from '@remix-run/node'
import { authenticator } from "~/services/auth.server"

export const loader = async ({ request }: LoaderFunctionArgs) => {
  const data = await authenticator.isAuthenticated(request)

  console.log("data:", data)

  return json({ data })
}


Which is weird, because the cookies that the Keycloak service sets and the _session cookie that I configured with the remix-auth all have content. The _session cookie is defined as:

// app/services/session.server.ts
import { createCookieSessionStorage } from '@remix-run/node'

export let sessionStorage = createCookieSessionStorage({
  cookie: {
    name: '_session',
    sameSite: "lax",
    path: "/",
    httpOnly: true,
    secrets: ["secret"],
    secure: process.env.NODE_ENV === 'production'
  }
})

export let { commitSession, destroySession, getSession } = sessionStorage

Also, the remix-auth is configured as such:

// app/services/auth.server.ts
import { Authenticator } from 'remix-auth'
import { OAuth2Strategy } from 'remix-auth-oauth2'

import { sessionStorage } from '~/services/session.server'

export let authenticator = new Authenticator(sessionStorage)

authenticator.use(
  new OAuth2Strategy(
    {
      authorizationURL: "http://localhost:8080/realms/teste/protocol/openid-connect/auth",
      tokenURL: "http://localhost:8080/realms/teste/protocol/openid-connect/token",
      clientID: process.env.OIDC_CLIENT_ID as string,
      clientSecret: process.env.OIDC_CLIENT_SECRET as string,
      callbackURL: "http://localhost:3000/callback",
      scope: "openid", // optional
      useBasicAuthenticationHeader: false // defaults to false
    },
    async ({ profile }) => {
      console.log("profile:", profile)
      return profile
    }
  ),
  "oidc-keycloak"
)

I don't think this is a problem with the Keycloak service because again, the session is created successfully.

Should I expand this lib to be able to use it with Keycloak? Or is it really something going wrong here?

sergiodxa commented 8 months ago

The isAuthenticated method doesn't call the strategy, it only checks if the user data is in the session and returns that or null.

You need to use the authenticate method to start the authentication flow, as you can see in the Remix Auth docs.

matheusAMDS commented 8 months ago

I was already using authenticator.authenticate in my /signin route, but I should have used it AGAIN in the /callback route, after I'm redirected back from the Keycloak service. My mistake.
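
The behaviour resolved in this thread, as an added example that is not part of the original issue and is not remix-auth's source code: a self-contained model showing why a session-only check returns null on /callback until the authenticate step has processed the provider's redirect. `Session`, `newState` and `exchangeCode` are hypothetical names, and the state comparison is the standard OAuth2 CSRF check, assumed here rather than taken from the page.

```typescript
// Added model of the flow discussed in this issue; not remix-auth's source code.
type User = { id: string };
type Session = { state?: string; user?: User }; // hypothetical session shape
type Query = { code?: string; state?: string }; // parsed query string of the request
type Result = { redirect: string } | { user: User };

// Authorization endpoint taken from the configuration posted in the issue.
const AUTHORIZATION_URL =
  "http://localhost:8080/realms/teste/protocol/openid-connect/auth";

// Models isAuthenticated: reads the session only, never runs the strategy.
function isAuthenticated(session: Session): User | null {
  return session.user === undefined ? null : session.user;
}

// Models authenticate: starts the flow, or completes it when the request
// is the provider's redirect back (query carries `code` and `state`).
function authenticate(
  session: Session,
  query: Query,
  newState: () => string, // assumption: backed by a CSPRNG in real code
  exchangeCode: (code: string) => User, // stands in for token request + verify
): Result {
  const existing = isAuthenticated(session);
  if (existing !== null) return { user: existing };

  const code = query.code;
  if (code === undefined) {
    // /signin: remember a fresh state value and send the browser away.
    const state = newState();
    session.state = state;
    const qs = "response_type=code&state=" + encodeURIComponent(state);
    return { redirect: AUTHORIZATION_URL + "?" + qs };
  }

  // /callback: the state must match the one stored at /signin (CSRF check).
  const expected = session.state;
  delete session.state;
  if (expected === undefined || query.state !== expected) {
    throw new Error("state mismatch: callback rejected");
  }

  // Only now is the user written to the session, where later
  // isAuthenticated calls will find it.
  const user = exchangeCode(code);
  session.user = user;
  return { user };
}
```
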