Comments (8)

gitanjaliGiri commented on May 18, 2024

Sure. Below is my complete code. Just to mention, I have a race condition only when we map the external db store to the session.

```js
const path = require('path');
const express = require('express')
const app = express();
var fs = require('fs');
var https = require('https');
var url = require('url');
var querystring = require('querystring');

const { auth } = require("express-openid-connect")
const session = require("express-session")

const Sequelize = require('sequelize');
const SequelizeStore = require('connect-session-sequelize')(session.Store);

const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN || "no-auth0-domain.available";
const APPLICATION_URL = process.env.APPLICATION_URL || "no-application-url.available";
const AUTH0_CLIENT_ID = process.env.AUTH0_CLIENT_ID || "no-auth0-client-id.available";

var sequelize = new Sequelize(
    "<db_name>",
    "<db_user>",
    "<db_pwd>",
    {
        "dialect": "postgres"
    });

app.get('/', (req, res) => {
    res.sendFile(path.join(__dirname + '/index.html'));
})

app.use(express.urlencoded({ extended: false }));

// external session store
const customStore = new SequelizeStore({
    db: sequelize
});

// express session
app.use(session({
    resave: false,
    saveUninitialized: false,
    name: 'aaa',
    secret: "b3c1d6a7-06b2-4c04-99c9-a52994fpad9a",
    proxy: true,
    cookie: {
        httpOnly: true,
        sameSite: 'lax',
        secure: true
    },
    store: customStore,
}));

customStore.sync();

// this is where we are calling auth()
app.use(auth({
    issuerBaseURL: `https://${AUTH0_DOMAIN}/`,
    baseURL: APPLICATION_URL,
    clientID: AUTH0_CLIENT_ID,
    legacySameSiteCookie: false,
    appSessionSecret: "aaa",
    required: (req) => {
        return !req.user && req.originalUrl !== "/";
    }
}));

//read sub
app.use((req, res, next) => {
    if (req.user) {
        req.operationPortalUser = req.user;
        next();
    } else if (req.openid && req.openid.isAuthenticated) {
        req.operationPortalUser = req.openid.user;
        next();
    }
    else {
        res.status(401).send();
    }
});

app.get('/account/logout', (req, res) => {
    //  return res.send();
    req.session.destroy(function (err) {
        console.info('session destroyed');
    })
    //res.openid.logout();
    //Check that cookies are deleted !!!!
    var logoutURL = new url.URL(`https://${AUTH0_DOMAIN}/v2/logout`);

    var searchString = querystring.stringify({
        client_id: AUTH0_CLIENT_ID,
        returnTo: "https://localhost:5000/logout"
    });
    logoutURL.search = searchString;
    return res.redirect(logoutURL);
})

app.get('/test', (req, res) => {
    res.send(`hello ${JSON.stringify(req.operationPortalUser)}.`);
});

app.get('/authenticatedPage', (req, res) => {
    res.sendFile(path.join(__dirname + '/authenticatedIndex.html'));
});


var privateKey = fs.readFileSync('key.pem');
var certificate = fs.readFileSync('cert.pem');


https.createServer({
    key: privateKey,
    cert: certificate
}, app).listen(5000);
```

from express-openid-connect.

joshcanhelp commented on May 18, 2024

@gitanjaliGiri - Thanks for this report as well, though I'm a little confused. Can you explain what exactly is happening that you're fixing? Reproduction steps would be helpful, as well as surrounding your code with backticks so it's a bit more readable.

Thank you!

gitanjaliGiri commented on May 18, 2024

Thanks a lot for the reply. This is my first GitHub issue so formatting was bad. I am referring to an issue similar to
panva/node-openid-client#146
expressjs/session#360

joshcanhelp commented on May 18, 2024

We got your first GitHub issue ever?! I'm honored! GitHub formatting takes a bit of time getting used to but I find it nice to work with now that I'm familiar. This guide might help a bit:

https://guides.github.com/features/mastering-markdown/

As for the issue here ... we are switching around how the application session is handled by the library. In short, we don't require an external session handler so this might address your issue. The changes are in the master branch now if you want to try them out. They will be in the 0.6.0 release coming out this week.

gitanjaliGiri commented on May 18, 2024

Just taking the latest from the master branch didn't help. Can you elaborate a bit on whether there are any specific changes which will fix my issue?

joshcanhelp commented on May 18, 2024

Can you show me the integration code you're using with the master branch? Seeing the configuration that's being passed to auth() would help.

The master branch removes the need for a session middleware if you're just doing login. If you're also calling an API, then you'll need to do the session management in your app.

gitanjaliGiri commented on May 18, 2024

I am stuck with this issue :( . Any input will be useful.

joshcanhelp commented on May 18, 2024

@gitanjaliGiri - Apologies for the delay in getting back to you here.

We're just about to release v0.6.0 with the changes to the user session included. What this will do is switch from using a provided session middleware to using a built-in cookie session (encrypted and signed). We removed all references to req.session throughout as we're handling that within the library.

So, in your application above, you can remove app.use(session()) if you're not using it anywhere else. Or, if you want to use that instead of the built-in session, follow the example here (adjusting for anything async that you're doing):

https://github.com/auth0/express-openid-connect/blob/master/EXAMPLES.md#4-custom-user-session-handling

Let me know if that does or does not help at all and whether our docs could have described this better.
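
An added illustration, not code from the reporter or from express-openid-connect: a simplified, deterministic model of how a session kept in an asynchronous external store can race with a login redirect, and how waiting for the store write before redirecting removes the race. The `SlowStore` class, the session id and the state value are constructed for this example, and that this ordering is the one behind the report above is an assumption.

```javascript
// Constructed model: no Express, no database. Writes are queued and only land
// when flush() is called, standing in for a slow external session store.
class SlowStore {
  constructor() { this.rows = new Map(); this.pending = []; }
  set(sid, data, done) {
    this.pending.push(() => {
      this.rows.set(sid, JSON.stringify(data));
      if (done) done();
    });
  }
  get(sid) {
    const row = this.rows.get(sid);
    return row ? JSON.parse(row) : undefined;
  }
  flush() { while (this.pending.length) this.pending.shift()(); }
}

const STATE = 'constructed-state-value'; // sample value, not from the page

// Login step: remember the OIDC state in the session, then redirect.
function login(store, sid, waitForSave, sendRedirect) {
  const session = { state: STATE };
  if (waitForSave) {
    store.set(sid, session, sendRedirect); // redirect only after the write lands
  } else {
    store.set(sid, session);               // write is still in flight...
    sendRedirect();                        // ...when the redirect goes out
  }
}

// Callback step: the state echoed back must match the one in the session.
function callback(store, sid, returnedState) {
  const session = store.get(sid);
  return Boolean(session) && session.state === returnedState;
}

// The browser follows the redirect the moment it is sent.
function simulate(waitForSave) {
  const store = new SlowStore();
  let callbackAccepted = null;
  login(store, 'sid-1', waitForSave, () => {
    callbackAccepted = callback(store, 'sid-1', STATE);
  });
  store.flush(); // the database write completes
  return callbackAccepted;
}
console.log({ raced: simulate(false), waited: simulate(true) });
```

A cookie-only session, as described in the last reply, carries its data in the response itself, so there is no separate store write for the redirect to overtake.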
