oidc-middleware does not work with Org Authorization Server #11

Open
2 of 5 tasks
jjdonov opened this issue Oct 6, 2021 · 3 comments
Comments

jjdonov commented Oct 6, 2021

I'm submitting this issue for the package(s):

  • jwt-verifier
  • oidc-middleware

I'm submitting a:

  • Bug report
  • Feature request
  • Other (Describe below)

This bug report is related to okta/okta-oidc-js#978 in that both are demonstrating issues when working with Organization Auth Servers and are caused by the same url path issue.

Current behavior

It seems like the oidc-middleware cannot work with Okta Org Auth Servers.

After entering credentials, the request results in a 404 due to bad string concatenation in createLoginHandler when redirecting to the authorization_endpoint.

For Org Auth Servers, the issuer is https://${yourOktaOrg} (note that it doesn't include /oauth2).
Making a request to https://${yourOktaOrg}/.well-known/openid-configuration yields

(truncated for brevity)

{
    "issuer": "https://${yourOktaOrg}",
    "authorization_endpoint": "https://${yourOktaOrg}/oauth2/v1/authorize",
}

However, createLoginHandler redirects to https://${yourOktaOrg}/v1/authorize

Expected behavior

That the oidc-middleware work with Okta Org Auth Servers. Perhaps it should use the authorization_endpoint that is returned by /.well-known/openid-configuration rather than doing its own string concatenation.

Minimal reproduction of the problem with instructions

Configure oidc middleware with issuer from organization auth server

Extra information about the use case/user story you are trying to implement

It is a simple use case, trying to integrate an app using OIDC with the Organization Auth Server that came with our Okta instance.

Environment

  • Package Version: 4.2.0
  • OS: macOS BigSur 11.6
  • Node version (node -v): v12.22.1
shuowu (Contributor) commented Oct 7, 2021

@jjdonov Thanks for reporting the issue!

There is a PR (okta/okta-oidc-js#978) that handles this issue. It will be merged and released soon.

jjdonov (Author) commented Oct 15, 2021

@shuowu but they are separate code paths. Unless okta/okta-oidc-js#978 expands the scope of its fix, I don't think it will solve this issue.

shuowu (Contributor) commented Oct 15, 2021

@jjdonov Sorry, linked the wrong PR. I just created an internal ticket for the issue.

Internal Ref: OKTA-437624

denysoblohin-okta transferred this issue from okta/okta-oidc-js on Oct 29, 2021