Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Verify callback never invoked

See original GitHub issue

Description: Here’s the code:

const app = require('express')();
const { Strategy } = require('openid-client')
const passport = require('passport');

(async () => {
    const issuer = await Issuer.discover('some_discovery_url');
    const client = new issuer.Client({
        client_id: 'some_client_id',
        client_secret: 'some_client_secret',
        redirect_uris: ['https://some-domain.com/login/callback'],
    });

    app.use(passport.initialize());

    passport.use('oidc', new Strategy({
        client,
        params: { scope: 'openid email' }
    }, (tokenset, done) => {
        console.log('claims', tokenset.claims());
        // See I am never calling done. The request cycle should hang here but it doesn't, neither does the log above shows up.
    });

    app.get('/login', passport.authenticate('oidc', { session: false }));
    app.get('/login/callback', (req, res, next) => {
        passport.authenticate('oidc', { session: false }, (error, strategyResponse) => {
            if (error) {
                res.json({ error });
            } else if (!strategyResponse) {
                res.json({ message: "Not authenticated" });
            } else {
                res.cookie('session_cookie') // And so on
                res.end();
            }
        });
    });
})();

I am expecting the app to hang because I don’t call the done in verify callback but it doesn’t, instead I receive false as the value of strategyResponse which is unexpected. Is there anything that I might be missing out.

To Reproduce

// Issuer configuration (issuer.metadata) and how it is constructed (discovery or manual?)
discovery
// Client configuration (client.metadata) and how it is constructed (fromUri or manual?)
{
  client_id: 'some_client_id',
  client_secret: 'some_client_secret',
   redirect_uris: ['https://some-domain.com/login/callback'],
}

Expected behaviour App above is supposed to hang up but it proceeds and ends the request with “Not authenticated” message

Environment:

openid-client version: 4.2.2
node version: 10.18.1

Issue Analytics

State:
Created 3 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

himanshusinghscommented, Dec 18, 2020

That I know and I am not using it in that way. Post login, tokens are generated and API guards are taken care of separately. My problem is exactly as I wrote in the original post. Verify callback not being invoked.

I was only hoping to get pointed out for something suspicious, like session: false but unfortunately enabling that also doesn’t work. I will continue my investigation on this but thanks a lot for your help. Will update the thread once I find something. 😃

0reactions

arealmaascommented, Feb 21, 2021

It’s been a while, but did you find anything @himanshusinghs 😆