-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ExpressOIDC requests not going through configured proxy #15
Comments
@alihaghani Thank you for bringing this to our attention. What version of We will investigate how to fix the proxy behavior for the current version. Internal ref: OKTA-282367 |
I'm currently using version 3.0.0 of |
@alihaghani Version 2.1.0 is using openid-client@2.5.0 https://github.com/okta/okta-oidc-js/releases/tag/oidc-middleware%402.1.0 |
To clarify the docs, I need to install
Add the following before instantiating
|
@alihaghani I believe in order to get it to work you need to access the actual instance of |
At a state now with Order of lines of code:
However, the requests still don't seem to be going through the proxy. |
@alihaghani - You may have better results by reaching out to our support team ( developers@okta.com ) who can dig into your use-case and offer suggestions. We are interested in getting proxies working with this package, and the openid-client Request option from our documentation is no longer an option. Please let us know if you find a solution before we do. |
@swiftone Are you able to provide a timeline for when proxies will be supported again? Current solution seems to be maintaing a fork of |
@alihaghani - No timeline. Currently you're the only user I recall having this request, though I am only aware of requests via GH so the business may know of others. Have you reached out to the support team? |
I would also love for this to be supported again, or at least the documentation updated so that it doesn't appear to be supported when it is not. |
@joshuakwaite We are investigating on the issue, will update in this thread when a solution found. |
Would also be interested in a solution. |
@trickreich We are aware of flaws in the Okta does implement OpenId Connect / OAuth 2.0 according to the spec, so it should be possible to build a solution using any off-the-shelf component which adheres to the standard. https://developer.okta.com/docs/reference/api/oidc/ If you do find a working solution, we would be very interested in hearing about it! |
Found following solution:
I've tested Okta for our company last week. |
I tried the solution from @trickreich but I could not get it to work, it doesn't seem to pickup the default HTTP options that are being set so the callouts from the OIDC middleware are not going through the proxy. I added the debug-hooks as suggested in https://github.com/panva/node-openid-client/blob/master/docs/README.md#customizing-http-requests but they do not get triggered, so I suspect that the httpOptions are not picked-up at all. I'm setting the custom options before the ExpressOIDC is created. Any tips on how to troubleshoot this further? |
I'll add my findings after some troubleshooting where I got this working. It was a case of the code showed by @trickreich does work, but I added the 'openid-client' module as a dependency to the application, but what was being used by the ExpressOIDC middleware was it's own nested dependency. Eliminating that problem fixed the issue. |
@jespersoderlund There are some examples from Meanwhile, we are also investigating a stable solution for the issue. |
@shuowu: I have recently faced this issue too while upgrading to latest version of OIDC middleware. Turns out we were still using version 1.0.0 to avoid dealing with this. I am quite sure there would be other enterprises too doing the same as servers are rarely allowed direct connection to an external domain. |
I did not find any satisfactory solution using @okta /oidc-middleware@4.3.0 with a proxy in okta forum or github issues to solve this issue. In @okta/oidc-middleware/src/oidcUtil.js add:
In @okta/oidc-middleware/src/logout.js add:
In openid-client/lib/src/helpers/request.js add:
|
I need to use a proxy too. I work for a big company. We will reach out to the support team... |
Proxy support was just added to https://github.com/okta/okta-jwt-verifier-js today. Maybe this package can do it the same way. |
@aarongranick-okta Any updates on this issue? |
I'm submitting this issue for the package(s):
I'm submitting a:
Current behavior
Per the documentation here, I have installed
openid-client@2.5.0
(the latest version does not allow for accessing the issuer as outlined in the docs) and added the following lines of code:However, the requests for Okta authentication do not go through the provided proxy.
The only way I've been able to get the requests to actually go through the provided proxy is by adding
after line 15 in
node_modules/@okta/oidc-middleware/src/oidcUtil.js
.Expected behavior
Requests should go through the proxy if the documented configuration is done without requiring to modify the module files directly.
Environment
node -v
): v10.15.3The text was updated successfully, but these errors were encountered: