Comments (8)
Sure. Below is my complete code. Just to mention, I have the race condition only when we map the external DB store to the session.
```js
const path = require('path');
const express = require('express');
const app = express();
const fs = require('fs');
const https = require('https');
const url = require('url');
const querystring = require('querystring');
const { auth } = require('express-openid-connect');
const session = require('express-session');
const Sequelize = require('sequelize');
const SequelizeStore = require('connect-session-sequelize')(session.Store);

const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN || 'no-auth0-domain.available';
const APPLICATION_URL = process.env.APPLICATION_URL || 'no-application-url.available';
const AUTH0_CLIENT_ID = process.env.AUTH0_CLIENT_ID || 'no-auth0-client-id.available';

const sequelize = new Sequelize('<db_name>', '<db_user>', '<db_pwd>', {
  dialect: 'postgres'
});

// Registered before the session/auth middleware, so "/" is always public.
app.get('/', (req, res) => {
  res.sendFile(path.join(__dirname, 'index.html'));
});

app.use(express.urlencoded({ extended: false }));

// external session store (Postgres via Sequelize)
const customStore = new SequelizeStore({
  db: sequelize
});

// express session
app.use(session({
  resave: false,
  saveUninitialized: false,
  name: 'aaa',
  secret: 'b3c1d6a7-06b2-4c04-99c9-a52994fpad9a', // hard-coded only for this repro
  proxy: true,
  cookie: {
    httpOnly: true,
    sameSite: 'lax',
    secure: true
  },
  store: customStore
}));
customStore.sync();

// this is where we are calling auth()
app.use(auth({
  issuerBaseURL: `https://${AUTH0_DOMAIN}/`,
  baseURL: APPLICATION_URL,
  clientID: AUTH0_CLIENT_ID,
  legacySameSiteCookie: false,
  appSessionSecret: 'aaa',
  required: (req) => {
    return !req.user && req.originalUrl !== '/';
  }
}));

// read sub
app.use((req, res, next) => {
  if (req.user) {
    req.operationPortalUser = req.user;
    next();
  } else if (req.openid && req.openid.isAuthenticated) {
    req.operationPortalUser = req.openid.user;
    next();
  } else {
    res.status(401).send();
  }
});

app.get('/account/logout', (req, res) => {
  // return res.send();
  // res.openid.logout();
  // Check that cookies are deleted !!!!
  const logoutURL = new url.URL(`https://${AUTH0_DOMAIN}/v2/logout`);
  logoutURL.search = querystring.stringify({
    client_id: AUTH0_CLIENT_ID,
    returnTo: 'https://localhost:5000/logout'
  });
  // destroy() is asynchronous against the external store: redirect only once
  // it has completed, so the session row is gone before the next request arrives.
  req.session.destroy((err) => {
    if (err) console.error('session destroy failed', err);
    else console.info('session destroyed');
    res.redirect(logoutURL.toString());
  });
});

app.get('/test', (req, res) => {
  res.send(`hello ${JSON.stringify(req.operationPortalUser)}.`);
});

app.get('/authenticatedPage', (req, res) => {
  res.sendFile(path.join(__dirname, 'authenticatedIndex.html'));
});

const privateKey = fs.readFileSync('key.pem');
const certificate = fs.readFileSync('cert.pem');
https.createServer({
  key: privateKey,
  cert: certificate
}, app).listen(5000);
```
from express-openid-connect.
@gitanjaliGiri - Thanks for this report as well, though I'm a little confused. Can you explain what exactly is happening that you're fixing? Reproduction steps would be helpful, as well as surrounding your code with backticks so it's a bit more readable.
Thank you!
Thanks a lot for the reply. This is my first GitHub issue, so the formatting was bad. I am referring to an issue similar to
panva/node-openid-client#146
expressjs/session#360
We got your first GitHub issue ever?! I'm honored! GitHub formatting takes a bit of time getting used to but I find it nice to work with now that I'm familiar. This guide might help a bit:
https://guides.github.com/features/mastering-markdown/
As for the issue here ... we are switching around how the application session is handled by the library. In short, we don't require an external session handler, so this might address your issue. The changes are in the master branch now if you want to try them out. They will be in the 0.6.0 release coming out this week.
Just taking the latest from the master branch didn't help. Can you elaborate a bit on whether there are any specific changes which will fix my issue?
Can you show me the integration code you're using with the master branch? Seeing the configuration that's being passed to auth() would help.
The master branch removes the need for a session middleware if you're just doing login. If you're also calling an API, then you'll need to do the session management in your app.
I am stuck with this issue :(. Any input will be useful.
@gitanjaliGiri - Apologies for the delay in getting back to you here.
We're just about to release v0.6.0 with the changes to the user session included. What this will do is switch from using a provided session middleware to using a built-in cookie session (encrypted and signed). We removed all references to req.session throughout, as we're handling that within the library.
So, in your application above, you can remove app.use(session()) if you're not using it anywhere else. Or, if you want to use that instead of the built-in session, follow the example here (adjusting for anything async that you're doing):
Let me know if that does or does not help at all and whether our docs could have described this better.