sergiodxa / remix-auth-oauth2

A OAuth2Strategy for Remix Auth
https://sergiodxa.github.io/remix-auth-oauth2/
MIT License

OneLogin ERR_TOO_MANY_REDIRECTS after update to v2.0.0 #92

Closed JasonWeise closed 4 months ago

JasonWeise commented 4 months ago

Hi

After updating to v2.0.0 and modifying the "options" parameters to the new naming convention, I now get a constant loop due to the Authenticate function failing:

This page isn’t xxxxxx.onelogin.com redirected you too many times.
[Try deleting your cookies](https://support.google.com/chrome?p=rl_error&hl=en-GB).
ERR_TOO_MANY_REDIRECTS

All the code is exactly the same as before; all that was done was to upgrade to v2.0.0 and change the parameter names to match the new convention. Have other parts also changed that would cause OIDC flow to stop working? I changed back to v1.11.2 and everything is back to working.

Also looking at the readme, it seems some of the parameters in the samples don't work and may have changed in v 2.0.0 and the readme not updated. (I am sure they used to work- not related to this issue though, more of an FYI)

sergiodxa commented 4 months ago

I'm trying to replicate it using the strategy to log in with GitHub and it works. If you can create a minimal reproduction repo, I could take a look.

> Also looking at the readme, it seems some of the parameters in the samples don't work and may have changed in v 2.0.0 and the readme not updated. (I am sure they used to work- not related to this issue though, more of an FYI)

Related to that, if you can let me know which ones, I can check and update it.

JasonWeise commented 4 months ago

@sergiodxa thanks for taking the time to respond.

As it is a corporate OneLogin account, it might be difficult for me to provide the code. Would it be possible for you to put up a minimal working example of your GitHub login in an example repo, and I can try to compare what I might be doing differently to cause this issue on v2.0.0?

Thanks for all your hard work, this is truly a great Remix library.

JasonWeise commented 4 months ago

Hey @sergiodxa, would it be possible to create a minimal example project that has this new v2.0.0 OAuth extension working? Doesn't matter what I try, I just get constant redirects on the authenticate function that wasn't happening in v1xx.

Even the GitHub one you mentioned previously would be fine; even though we are using OneLogin, I can still review your working GitHub example to see what might need to be further modified.

Thanks as always.

ponko2 commented 4 months ago

Hi,

I encountered the same issue after updating to v2.0.0. After some investigation, I found that setting codeChallengeMethod to "plain" and authenticateWith to "request_body" resolved the error for me.

Here is the updated code:

--- ng.ts       2024-05-26 12:00:00.000000000 +0900
+++ ok.ts       2024-05-26 12:00:00.000000000 +0900
@@ -1,20 +1,22 @@
 authenticator.use(
   new OAuth2Strategy<
     User,
     { providers: "keycloak" },
     { id_token: string }
   >(
     {
       clientId: process.env.OIDC_CLIENT_ID,
       clientSecret: process.env.OIDC_CLIENT_SECRET,
       authorizationEndpoint: process.env.OIDC_AUTHORIZATION_ENDPOINT,
       tokenEndpoint: process.env.OIDC_TOKEN_ENDPOINT,
       redirectURI: process.env.OIDC_REDIRECT_URI,
+      codeChallengeMethod: "plain",
       scopes: ["openid", "email", "profile"],
+      authenticateWith: "request_body",
     },
     async ({ tokens, profile, context, request }) => {
       return await getUser(tokens, profile, context, request);
     },
   ),
   "keycloak",
 );
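Review bot: the added `codeChallengeMethod: "plain"` line means the PKCE challenge sent on the authorization request is the code verifier itself, so the verifier travels in the redirect URL and PKCE adds no protection if that URL is observed. RFC 7636 allows `plain` only for clients that cannot do S256; if the provider accepts it, set `codeChallengeMethod: "S256"` instead and keep `authenticateWith: "request_body"` only if the token endpoint really expects the client credentials in the form body. Separately, the `process.env.OIDC_*` values in the unchanged lines are passed through unchecked; failing fast at startup when one is undefined makes a misconfiguration easier to tell apart from a strategy problem.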

Additionally, the README.md states that codeChallengeMethod and authenticateWith are optional, but they might be required settings for v2.0.0.

Relevant lines in the source code:

- https://github.com/sergiodxa/remix-auth-oauth2/blob/6df15b7b0190e0df690a5ba88fd5f9265e91311d/src/index.ts#L184-L188
- https://github.com/sergiodxa/remix-auth-oauth2/blob/6df15b7b0190e0df690a5ba88fd5f9265e91311d/src/index.ts#L264-L274
- https://github.com/sergiodxa/remix-auth-oauth2/blob/6df15b7b0190e0df690a5ba88fd5f9265e91311d/src/index.ts#L366-L376
- https://github.com/sergiodxa/remix-auth-oauth2/blob/6df15b7b0190e0df690a5ba88fd5f9265e91311d/src/index.ts#L397-L407

I hope this helps!

sergiodxa commented 4 months ago

A default codeChallengeMethod and authenticateWith is now set starting v2.1.0.

@JasonWeise I'm also working on an example.
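
What the two options discussed in this thread control at the protocol level, as an added example that is not code from remix-auth-oauth2 or from any participant: the PKCE challenge derivation of RFC 7636 and the two client-authentication placements of RFC 6749. The function names and the `"http_basic"` mode name are hypothetical, and the sample client values are constructed.

```javascript
// Added example, not remix-auth-oauth2 code. Function names and the
// "http_basic" mode name are hypothetical; sample values are constructed.
const { createHash } = require("node:crypto");

// RFC 7636 section 4.2: derive the code_challenge sent on the authorization request.
function codeChallenge(verifier, method) {
  if (method === "plain") return verifier; // the challenge IS the verifier
  if (method === "S256") {
    // BASE64URL(SHA256(ASCII(code_verifier))), without padding
    return createHash("sha256").update(verifier, "ascii").digest("base64url");
  }
  throw new Error(`unsupported code_challenge_method: ${method}`);
}

// application/x-www-form-urlencoded encoding of a single value (RFC 6749 section 2.3.1)
const formEncode = (s) => new URLSearchParams({ v: s }).toString().slice(2);

// RFC 6749 section 4.1.3 token request, with the client credentials placed
// either in the form body or in an HTTP Basic Authorization header.
function tokenRequest(p, authenticateWith) {
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code: p.code,
    redirect_uri: p.redirectURI,
    code_verifier: p.verifier, // always the raw verifier, whatever the method
  });
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };
  if (authenticateWith === "request_body") {
    body.set("client_id", p.clientId);
    body.set("client_secret", p.clientSecret);
  } else if (authenticateWith === "http_basic") {
    const pair = `${formEncode(p.clientId)}:${formEncode(p.clientSecret)}`;
    headers.Authorization = `Basic ${Buffer.from(pair).toString("base64")}`;
  } else {
    throw new Error(`unsupported client authentication: ${authenticateWith}`);
  }
  return { headers, body: body.toString() };
}

// Constructed sample; the verifier is the test vector from RFC 7636 Appendix B.
const sample = {
  clientId: "app", clientSecret: "s3cret", code: "abc",
  verifier: "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
  redirectURI: "https://example.test/callback",
};
for (const m of ["plain", "S256"]) console.log(m, codeChallenge(sample.verifier, m));
for (const a of ["request_body", "http_basic"]) console.log(a, tokenRequest(sample, a));
```

A provider that expects one credential placement will reject a token request that uses the other, so comparing the generated request against the provider's token endpoint settings is a useful first check.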