
I'm trying to authorize my Node.js server against IdentityServer. I'm using the passport-openidconnect library in Node.js. My Node.js code:

var express = require('express');
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
var Strategy = require('passport-openidconnect').Strategy;

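/**
 * Wire up an OpenID Connect login flow for an Express `app` against the
 * IdentityServer instance at https://localhost:44333, using the supplied
 * `passport` instance.
 *
 * Registers Redis-backed session middleware, the passport-openidconnect
 * strategy and two routes: GET /auth/login starts the flow and
 * GET /auth/callback completes it and redirects to "/".
 *
 * @param {object} app - Express application to configure.
 * @param {object} passport - passport module (or instance) the strategy is registered on.
 */
module.exports.configure = function configure(app, passport) {

    // The provider endpoints are HTTPS on localhost, so the Node process has to
    // trust the certificate IdentityServer presents (a self-signed development
    // certificate can be trusted via NODE_EXTRA_CA_CERTS).
    const auth = {
        authorizationURL: 'https://localhost:44333/core/connect/authorize',
        tokenURL: 'https://localhost:44333/core/connect/token',
        userInfoURL: 'https://localhost:44333/core/connect/userinfo',
        clientID: 'NodeJsClient',
        // Taken from the environment when set (variable name chosen here); the
        // literal fallback preserves the original value for local development.
        clientSecret: process.env.OIDC_CLIENT_SECRET || 'fakeSecret',
        callbackURL: '/auth/callback',
        scope: 'openid profile email offline_access',
        // NOTE(review): "id_token" is the implicit-flow response type, while the
        // IdentityServer client shown alongside this code is configured for the
        // authorization-code flow — confirm the library honours this option and
        // that the two sides agree on the flow.
        responseType: "id_token"
    };

    app.use(session({
        // Same pattern as the client secret: environment first, original literal as fallback.
        secret: process.env.SESSION_SECRET || 'someSecret',
        resave: false,
        saveUninitialized: false,
        // `secure` is a cookie option, not a top-level express-session option, so
        // at the top level it was silently ignored. A Secure cookie is only sent
        // over HTTPS: the app must be served over TLS (or sit behind a
        // TLS-terminating proxy with `trust proxy` set) for the session to work.
        cookie: {
            secure: true
        },
        store: new RedisStore({
            host: '127.0.0.1',
            port: 6379
        })
    }));

    app.use(passport.initialize());
    app.use(passport.session());

    // passport-openidconnect decides which arguments to supply from the verify
    // callback's declared arity, so all eight parameters must stay even though
    // only `profile` and `accessToken` are used here.
    passport.use(new Strategy(auth, function (iss, sub, profile, jwtClaims, accessToken, refreshToken, params, verified) {
        // Attach the access token to the user object so it travels with the session.
        verified(null, Object.assign({}, profile, {token: accessToken}));
    }));

    // Only a reduced record is written to the Redis-backed session; it includes
    // the access token, so the session store holds bearer credentials.
    passport.serializeUser(function (user, done) {
        done(null, {id: user.id, name: user.displayName, token: user.token});
    });

    // The stored record is used as-is as req.user on later requests.
    passport.deserializeUser(function (user, done) {
        done(null, user);
    });

    app.get('/auth/login', passport.authenticate('openidconnect', {}));

    app.get('/auth/callback', passport.authenticate('openidconnect', {}),
        function (req, res) {
            // passport.authenticate() rejects failed attempts before this handler
            // runs, so a missing req.user here indicates a misconfiguration; the
            // throw hands it to the Express error handler.
            if (!req.user) {
                throw new Error('user null');
            }
            res.redirect("/");
        }
    );
};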

Identity server side:

// IdentityServer client registration for the Node.js app above. The secret is
// stored as a hash; the plaintext must equal the clientSecret the Node side
// sends ("fakeSecret"). The redirect URI is plain http on port 5200 and must
// match exactly what the Node app resolves for its '/auth/callback' route.
new Client
{
    ClientId = "NodeJsClient",
    ClientName = "Nodejs Demo Client",

    // Authorization-code flow: the browser receives a code and the Node server
    // exchanges it at the token endpoint, authenticating with the secret below.
    Flow = Flows.AuthorizationCode,
    RedirectUris = new List<string> { "http://localhost:5200/auth/callback" },

    ClientSecrets = new List<Secret>
    {
        new Secret("fakeSecret".Sha256())
    },

    // Scopes this client may request; a superset of the
    // "openid profile email offline_access" the Node app asks for.
    AllowedScopes = new List<string>
    {
        Constants.StandardScopes.OpenId,
        Constants.StandardScopes.Profile,
        Constants.StandardScopes.Email,
        Constants.StandardScopes.Roles,
        Constants.StandardScopes.Address,
        Constants.StandardScopes.OfflineAccess
    },

    // Self-contained JWT access tokens; lifetime is in seconds (one hour).
    AccessTokenType = AccessTokenType.Jwt,
    AccessTokenLifetime = 3600
}

And when I try to authorize, after granting permission to access my personal data, I get this error:

InternalOAuthError: failed to obtain access token

I found that there is no token in the redirect request to my app. Where is the problem? Also, do you know of a well-documented Node.js library for working with OpenID Connect?

Astemir Almov

1 Answer


I figured out where the problem is. Inside passport-openidconnect I found a more detailed error: "Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE". I solved it as described in this question. For now this solution completely satisfies me.

Astemir Almov