Fixes custom login callback never finishing the authentication process #805

Open
wants to merge 1 commit into
base: master


@pablote pablote commented Jun 10, 2020

This fixes #340 #664 and probably #440 too.

PR Checklist

Please check if your PR fulfills the following requirements:

  • [x] The commit message follows our guidelines
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Adding Tests
  • Build related changes
  • CI related changes
  • Documentation changes
  • Other... Please describe:

What is the current behavior?

Currently, setting a custom handler for the login callback route causes the login process to never finish correctly, as if it wasn't set.

What is the new behavior?

This fixes it by switching around the order: first calling the custom handler, and then the passport middleware to do its thing.

Does this PR introduce a breaking change?

  • Yes
  • No

Maybe. The documentation mentions the custom handler as having the (req, res, next) => {} signature; in that sense it didn't change. But the code used to be able to handle (err, req, res, next) => {}; that is no more.

I think this change makes sense: there's no actual error (besides anything you can infer from context) before going through passport and any other handlers. Applications can always register an error handler afterwards in the Express middleware chain, which should be the correct way to go about it.

Other information


@reesewesterhoff

Any update on whether a fix for this could be merged? Running into the same issue as #340:

const oidc = new ExpressOIDC({
  issuer: OKTA_ISSUER,
  client_id: OKTA_CLIENT_ID,
  client_secret: OKTA_CLIENT_SECRET,
  appBaseUrl: 'http://localhost:8082',
  scope: 'openid profile',
  routes: {
    loginCallback: {
      handler: (req, res, next) => {
        // console.log('login callback handler hit', req.userContext)
        next()
      }
    }
  }
})

Without the loginCallback.handler everything works fine, but as soon as I add the loginCallback.handler it gets stuck at the authorization-code/callback?code...&state... url and I get this error in the browser:
[image]

@aarongranick-okta
Contributor

@reesewesterhoff I have created an internal issue for our engineers to investigate this and provide an update. ref: OKTA-379543

@reesewesterhoff

@aarongranick-okta thanks for the update! I'll keep on the lookout for any new developments
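
The ordering the pull request description argues for (custom handler first, then the authentication step, with failures left to an error handler registered later in the chain), sketched as an added example that is not part of the PR or of the library's code. `dispatch`, `authStep`, `finish` and the sample code values are constructed stand-ins that mimic Express's handler-arity rule instead of calling Express or passport.

```javascript
// Express-style dispatch: a handler declared with 4 parameters is an error
// handler and runs only while an error is pending; the others are skipped then.
function dispatch(chain, req, res) {
  let i = 0;
  const next = (err) => {
    while (i < chain.length) {
      const fn = chain[i++];
      const isErrorHandler = fn.length === 4;
      if (err && isErrorHandler) return fn(err, req, res, next);
      if (!err && !isErrorHandler) return fn(req, res, next);
    }
    if (err) res.unhandled = err; // no error handler was registered
  };
  next();
  return res;
}

// Hypothetical custom loginCallback handler, documented (req, res, next) shape.
function customHandler(req, res, next) {
  res.trace.push('custom');
  res.sawUserInCustom = req.userContext !== undefined; // runs before auth
  next();
}

// Constructed stand-in for the authentication step (not passport itself).
function authStep(req, res, next) {
  res.trace.push('auth');
  if (req.query.code !== 'constructed-valid-code') {
    return next(new Error('authentication failed'));
  }
  req.userContext = { sub: 'constructed-user' };
  next();
}

function finish(req, res, next) {
  res.trace.push('finish');
  res.redirect = '/';
}

// Application error handler registered after the login callback route.
function errorHandler(err, req, res, next) {
  res.trace.push('error');
  res.status = 401;
  res.message = err.message;
}

function runCallback(code) {
  const chain = [customHandler, authStep, finish, errorHandler];
  return dispatch(chain, { query: { code } }, { trace: [] });
}
```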

Successfully merging this pull request may close these issues.

Problem defining custom callback route