Passport Strategy with response_type=code not sending required nonce #687
I'm attempting to authenticate with the Gov.UK One Login service using the provided passport Strategy class, but I am receiving a
They require both
Is there any way to force the strategy to send a nonce for response_type=code or will I have to implement my own strategy?

```js
import passport from 'passport';
import express from 'express'; // added: `auth` below is assumed to be an Express router
import { Issuer, Strategy as OpenIdStrategy, generators } from 'openid-client';

const logger = console;        // added placeholder: the original uses an app-level logger not shown here
const auth = express.Router(); // added: the original's `auth` router is not shown here

// Discover the provider's endpoints, then register a confidential client that
// authenticates to the token endpoint with client_secret_jwt.
const oneLoginIssuer = await Issuer.discover(`${process.env.ONELOGIN_URL}/.well-known/openid-configuration`);
const oneLoginClient = new oneLoginIssuer.Client({
  client_id: process.env.ONELOGIN_CLIENT_ID || '',
  client_secret: process.env.ONELOGIN_CLIENT_SECRET || '',
  redirect_uris: [`${process.env.BACKEND_URL}/auth/onelogin/callback`],
  token_endpoint_auth_method: 'client_secret_jwt'
});

passport.use(
  'onelogin',
  new OpenIdStrategy(
    {
      client: oneLoginClient,
      params: {
        scope: 'openid email',
        ui_locales: 'en',
        response_type: 'code',
        // nonce: generators.nonce() <--- this gets deleted
      }
    },
    // Verify callback: receives the TokenSet and the userinfo response.
    async (tokenset, userInfo, done) => {
      logger.debug('auth callback from onelogin received');
      console.log({ tokenset, userInfo });
      await Promise.resolve();
      done(null, undefined);
    }
  )
);

auth.get('/onelogin', passport.authenticate('onelogin'));

auth.get('/onelogin/callback', (req, res, next) => {
  console.log('onelogin callback');
  console.log(req.query);
  passport.authenticate('onelogin', (err, user, info) => {
    console.log({ err, user, info });
  })(req, res, next);
});
```
Replies: 1 comment

Sorry, I only checked the issues and not the discussion - this exact question is answered here:
#387