Hi all, thank you for this well-documented code!
I'm not sure if this is an issue with me, nuxt-oidc-auth or my issuer (Nextcloud with OIDC Identity Provider).
This is my first try at using the OpenID Connect workflow, and there may be a lack of understanding.
I'm using this config:
```
oidc: {
  defaultProvider: 'oidc',
  middleware: {
    globalMiddlewareEnabled: false
  },
  providers: {
    oidc: {
      clientId: process.env.NUXT_OIDC_PROVIDERS_OIDC_CLIENT_ID,
      clientSecret: process.env.NUXT_OIDC_PROVIDERS_OIDC_CLIENT_SECRET,
      redirectUri: 'http://localhost:3000/auth/oidc/callback',
      authorizationUrl: 'https://mydomain.de/apps/oidc/authorize',
      tokenUrl: 'https://mydomain.de/apps/oidc/token',
      userinfoUrl: 'https://mydomain.de/apps/oidc/userinfo',
      scope: ['profile', 'openid', 'email'],
    }
  },
}
```
When the authorization URL is called by the application, the module appends

```
&redirect_uri=http://localhost:3000/auth/oidc/callback
```

to the call, which results in a 403 error. I double-checked that the correct redirect URL is also in the Nextcloud provider config.
If I change the parameter to

```
&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Foidc%2Fcallback
```

it works (however, I get a state error, which is perfectly fine from my understanding, when I change the call manually).
So I tried to wrap the parameter in an encoding function

```
redirectUri: encodeURIComponent('http://localhost:3000/auth/oidc/callback')
```

Now the parameter also gets encoded by the module, so as a result it is encoded twice:

```
&redirect_uri=http%253A%252F%252Flocalhost%253A3000%252Fauth%252Foidc%252Fcallback
```

Now I'm a little bit lost, can someone give me a hint on what I'm missing?
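
Added example, not part of the original post and not nuxt-oidc-auth's code: a small check that reports how many percent-decoding passes separate the `redirect_uri` seen on the wire from the registered value, covering the three variants quoted above. The function names, `client_id` and `state` values are constructed for illustration; the URLs are the ones from the post.

```javascript
// Hypothetical helpers for debugging redirect_uri encoding in an OIDC authorization request.
const REGISTERED = 'http://localhost:3000/auth/oidc/callback';

// Build the request with URLSearchParams, which percent-encodes each value exactly once.
function buildAuthorizationUrl(authorizationUrl, params) {
  const url = new URL(authorizationUrl);
  for (const [key, value] of Object.entries(params)) {
    url.searchParams.set(key, value);
  }
  return url.toString();
}

// Pull redirect_uri out of the raw query string without decoding it.
function rawRedirectUri(requestUrl) {
  const query = requestUrl.split('?')[1] || '';
  const pair = query.split('&').find((p) => p.startsWith('redirect_uri='));
  return pair ? pair.slice('redirect_uri='.length) : null;
}

// 0 = sent raw, 1 = encoded once (expected), 2 = encoded twice, -1 = missing or no match.
function encodingDepth(requestUrl, registered, maxDepth = 3) {
  let value = rawRedirectUri(requestUrl);
  if (value === null) return -1;
  for (let depth = 0; depth <= maxDepth; depth++) {
    if (value === registered) return depth;
    try { value = decodeURIComponent(value); } catch { return -1; }
  }
  return -1;
}

const base = {
  response_type: 'code',
  client_id: 'example-client',   // constructed value
  scope: 'profile openid email',
  state: 'constructed-state',    // constructed value
};
const AUTHORIZE = 'https://mydomain.de/apps/oidc/authorize';

// Plain value in the config: encoded once when the query string is built.
const once = buildAuthorizationUrl(AUTHORIZE, { ...base, redirect_uri: REGISTERED });
// Pre-encoded value in the config: the query-string builder encodes it a second time.
const twice = buildAuthorizationUrl(AUTHORIZE, { ...base, redirect_uri: encodeURIComponent(REGISTERED) });
// Raw value appended to the query string without any encoding.
const raw = `${AUTHORIZE}?client_id=example-client&redirect_uri=${REGISTERED}`;

console.log(encodingDepth(raw, REGISTERED), encodingDepth(once, REGISTERED), encodingDepth(twice, REGISTERED));
```

Running the check against the request captured in the browser's network tab shows which of the three forms actually reaches the issuer, so the fix can be made at the layer that builds the URL while the issuer's exact-match comparison stays strict.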