
RFC: Bind OIDC Routes based on baseURL path


Describe the problem you’d like to have solved

Sorry if this has already been discussed. I might have missed a prior discussion about this (though I have had a look through the repo) 😅

There seems to be a slight mismatch between the redirect_uri generation and the bound routes in express.

Currently, when using the baseURL config option with a path, i.e. http://localhost:8081/some/path, the redirect generation creates URLs in a form similar to /oauth2/authorize?[...]&redirect_uri=http://localhost:8081/some/path/callback[...].

However, on the round trip back to the server, the Express app seems to internally bind the callback handler to /callback, not /some/path/callback, causing a redirect loop with default settings.

Describe the ideal solution

When /some/path is suffixed onto the end of the baseURL, the oauth2 routes are bound to the suffix of the baseURL + the standard OIDC route (i.e. /some/path/callback, /some/path/login, etc.)

Alternatives and current work-arounds

For now

const express = require('express');
const { auth } = require('express-openid-connect');
const app = express();
app.use(`/some/path`, auth({ // mounted under the same path that baseURL ends with
  baseURL: `http://localhost:8081/some/path`,
}))

can be used. (Testing with the routes config option, it did not seem to work for this use case.)

In the event that this behaviour is not possible, it might be worth adding a debug warning about adding paths to the end of the baseURL? Or adding a config flag to surface the behaviour, like a pathPrefix config option? (And disallowing paths on the baseURL 🤔)

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 5 (5 by maintainers)

Top GitHub Comments

1 reaction
adamjmcgrath commented, Sep 30, 2022

Thanks for the offer @ryanolee - your suggestions to update the docs make sense. Happy to accept a PR

0 reactions
ryanolee commented, Sep 29, 2022

Ahh, that makes way more sense @adamjmcgrath. Once again, me glossing over documentation 🤦‍♂️. I think I was missing that it was “The root URL for the application router”. I guess the last part to this is evaluating whether it is worth trying to detect if the route the auth middleware is bound under matches the path given in the baseURL, and, in the event there seems to be a mismatch, logging a debug warning just so that there is some reference to the fact that the configuration option might be wrong. Or, in the documentation, adding a further note to that param just to make it very clear how the paths are bound?

I.e

REQUIRED. The root URL for the application router, e.g. https://localhost/. Can use env key BASE_URL instead. In the event the URL has a path at the end, the auth middleware will need to be bound to a route relative to the path.

(As the current behaviour in the event you miss that fact can be fairly unforgiving 🥲 )

Admittedly, I have not used Express in a long while, so this took me longer to isolate than I would like to admit 😅. It certainly makes way more sense in context, but seems like it could be fairly easy to overlook.

As with both issues I have raised thank you very much for looking at them! (And sorry for misreading the documentation both times 😆 )

If you think either of the suggestions might be helpful, feel free to assign the issue to me and I will open a PR for either / or. Otherwise, feel free to close 👍
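The mismatch described in the issue (a baseURL carrying a path while the auth middleware is mounted at the application root) and the mount-path check proposed in the comment above, as an added example. This is not code from express-openid-connect or from either participant; it assumes that redirect_uri is formed as the baseURL origin + baseURL path + the callback route, and that the callback handler is registered relative to the Express mount path passed to app.use(mountPath, auth(...)). The names checkMount, DEFAULT_ROUTES and the warning text are chosen here and are not library identifiers.

```javascript
// Added example (not code from express-openid-connect or the issue author).
// Assumptions, not verified against the library's source:
//  - redirect_uri = baseURL origin + baseURL path + routes.callback
//  - the callback handler answers at <Express mount path> + routes.callback,
//    i.e. relative to app.use(mountPath, ...), not to the path in baseURL

// Route names as used in the issue (/callback, /login); assumed defaults.
const DEFAULT_ROUTES = { callback: '/callback', login: '/login', logout: '/logout' };

// Leading slash, no trailing slash; '' and '/' both map to '/'.
function normalizePath(p) {
  let out = p.startsWith('/') ? p : '/' + p;
  out = out.replace(/\/+$/, '');
  return out === '' ? '/' : out;
}

// ('/', '/callback') -> '/callback'; ('/some/path', '/callback') -> '/some/path/callback'
function joinPath(mount, route) {
  const m = normalizePath(mount);
  const r = normalizePath(route);
  return m === '/' ? r : m + r;
}

// Compare where redirect_uri points with where the callback handler answers.
// mountPath is the first argument to app.use(); '/' means the middleware is
// mounted at the application root, which is the misconfiguration in the issue.
function checkMount(baseURL, mountPath = '/', routes = DEFAULT_ROUTES) {
  const base = new URL(baseURL);
  const basePath = normalizePath(base.pathname);

  // What the provider is told to send the browser back to.
  const redirectUri = new URL(joinPath(basePath, routes.callback), base.origin).href;
  const expectedCallback = new URL(redirectUri).pathname;

  // Where Express will actually route the returning request.
  const boundCallback = joinPath(mountPath, routes.callback);

  const mismatch = boundCallback !== expectedCallback;
  const warning = mismatch
    ? `baseURL path "${basePath}" does not match mount path "${normalizePath(mountPath)}": ` +
      `redirect_uri points at ${expectedCallback} but the callback handler is bound at ${boundCallback}`
    : null;
  return { redirectUri, expectedCallback, boundCallback, mismatch, warning };
}

// The two configurations from the issue: app.use(auth({...})) at the root with a
// path in baseURL (redirect loop), and app.use('/some/path', auth({...})) (works).
function demo() {
  return {
    broken: checkMount('http://localhost:8081/some/path', '/'),
    fixed: checkMount('http://localhost:8081/some/path', '/some/path'),
  };
}

console.log(demo());
```

A check like this is what a startup-time debug warning would need: the library can see baseURL but not the mount path, so in Express it would have to read req.baseUrl on the first request instead. The same path also has to be present in the redirect URI registered at the provider, since OIDC providers match redirect_uri exactly; a baseURL path that is not mirrored there fails at the provider rather than looping locally.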


