Comments (4)
got it reproduced
from node-openid-client.
Just for reference, my server file.
'use strict';

const Issuer = require('.').Issuer;
const Strategy = require('.').Strategy;
const app = require('express')();
const passport = require('passport');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const cookieSession = require('cookie-session');

Issuer.discover('https://guarded-cliffs-8635.herokuapp.com').then(function (issuer) {
  return issuer.Client.register({
    redirect_uris: ['http://lvh.me:3000/users'],
  });
}).then(function (client) {
  client.CLOCK_TOLERANCE = 5;

  app.use(bodyParser.urlencoded());
  app.use(cookieParser());
  app.use(cookieSession({ secret: 'foo', resave: false, saveUnitialized: true, cookie: { secure: false } }));

  passport.use('oidc', new Strategy(client, (tokenset, done) => {
    console.log(tokenset);
    return done(null, false);
  }));

  app.use(passport.initialize());
  app.use('/users', passport.authenticate('oidc'), function (req, res) {
    res.send('foo');
  });

  app.listen(3000);
});
from node-openid-client.
When I run the server file above I get a state mismatch.
from node-openid-client.
@floydprice too many moving pieces to tell what's wrong. Are you getting a state back on your response? Can you see it in the authorization response?
from node-openid-client.
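The check asked about in the last comment, written out as an added example; it is not code from this thread or from node-openid-client. The function names, result labels and sample values are hypothetical, and only the redirect_uri is taken from the server file above.

```javascript
'use strict';

// Classify an OIDC authorization response against the state the RP saved
// in the session before redirecting. sessionState is undefined when the
// session cookie did not come back with the callback request.
function diagnoseState(callbackUrl, sessionState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) return 'op_returned_error';
  const returned = params.getAll('state');
  if (returned.length === 0) return 'state_missing_in_response';
  if (returned.length > 1) return 'state_duplicated_in_response';
  if (typeof sessionState !== 'string' || sessionState === '') {
    return 'state_missing_in_session';
  }
  return returned[0] === sessionState ? 'ok' : 'state_mismatch';
}

// A host-only cookie (no Domain attribute) set on one hostname is not sent
// to a redirect_uri on a different hostname; cookies ignore the port.
function sessionCookieReachesCallback(startUrl, redirectUri) {
  return new URL(startUrl).hostname === new URL(redirectUri).hostname;
}

// Constructed sample data; only the redirect_uri comes from the thread.
const REDIRECT_URI = 'http://lvh.me:3000/users';
const SAMPLES = [
  { url: REDIRECT_URI + '?code=abc&state=s1', session: 's1' },
  { url: REDIRECT_URI + '?code=abc', session: 's1' },
  { url: REDIRECT_URI + '?code=abc&state=s1', session: undefined },
  { url: REDIRECT_URI + '?code=abc&state=s1', session: 's2' },
  { url: REDIRECT_URI + '?error=access_denied&state=s1', session: 's1' },
];

function runSamples() {
  return SAMPLES.map((s) => diagnoseState(s.url, s.session));
}

console.log(runSamples());
console.log(sessionCookieReachesCallback('http://localhost:3000/users', REDIRECT_URI));
```

The first three failure labels separate a provider that never echoed `state` from a relying party whose session was empty on the callback, which a generic "state mismatch" message does not distinguish.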