itpropro / nuxt-oidc-auth Goto Github PK

Hi all, thank you for this well documented code!
I'm not sure if this is an issue with me, nuxt-oidc-auth or my issuer (nextcloud with OIDC Identity Provider).
This is my first try, to use the openid connect workflow and there may be a lack of understanding.

I'm using this config:

oidc: {
    defaultProvider: 'oidc',
    middleware: {
      globalMiddlewareEnabled: false
    },
    providers: {
      oidc: {
        clientId: process.env.NUXT_OIDC_PROVIDERS_OIDC_CLIENT_ID,
        clientSecret: process.env.NUXT_OIDC_PROVIDERS_OIDC_CLIENT_SECRET,
        redirectUri: 'http://localhost:3000/auth/oidc/callback',
        authorizationUrl: 'https://mydomain.de/apps/oidc/authorize',
        tokenUrl: 'https://mydomain.de/apps/oidc/token',
        userinfoUrl: 'https://mydomain.de/apps/oidc/userinfo',
        scope: ['profile', 'openid', 'email'],
      }
    },   
  }

When the authorization URL is called by the application, the module appends

&redirect_uri=http://localhost:3000/auth/oidc/callback

to the call, which results in a 403 error. I double checked, that the correct redirect url is also in the nextcloud provider config.

If I change the parameter to

&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Foidc%2Fcallback

it works (however, I get a state error, which is perfectly fine from my understanding, when I change the call manually).

So I tried to wrap the parameter in an encoding function
redirectUri: encodeURIComponent('http://localhost:3000/auth/oidc/callback')

Now the parameter gets also encoded by the module, so as a result it is encoded twice:
&redirect_uri=http%253A%252F%252Flocalhost%253A3000%252Fauth%252Foidc%252Fcallback

Now I'm a little bit lost, can someone give me a hint on what I'm missing?

Implement a preset for Apple OIDC autentication

• Create a provider stub
• Define additional provider fields
• Implement the ability to use a function for the client secret (requested each time from apple)
• Add the ability to provide signed JWT to authenticate against the client secret endpoint

Jus updated from nuxt 3.9.1 to 3.9.3 and I get this error in the console now when I start with yarn dev:

This module cannot be importedin server runtime. [importing @nuxt/kit from node_modules/nuxt-oidc-auth/dist/runtime/server/lib/oidc.mjs]
This module cannot be importedin server runtime. [importing node_modules/@nuxt/kit/dist/index.mjs from node_modules/nuxt-oidc-auth/dist/runtime/server/utils/session.mjs]

Not 100% sure if it's a bug in the plugin or in Nuxt itself.

Just saw there has been some update since this morning, so I was trying the latest 0.9.10 and got this error:

Error while requiring module nuxt-oidc-auth: Error: Cannot find module '#imports'
Require stack:

• /Users/sleblanc/www/nuxt-3-keycloak-auth/node_modules/nuxt-oidc-auth/dist/module.mjs

Hi, I find it quite hard to debug, but I'm new to Nuxt 3 (coming from Nuxt 2).
There is only one non-functioning exemple in the "playground" folder and the documentation is pretty light on details.
I'm trying to make this work with Keycloak but I get Token request failed after login in the SSO and being redirected.

Previously I was using@hebilicious/authjs-nuxt @auth/core, but I couldn't make i18n redirect work or fetch additional user data before login so I hoped this plugin would work and support both of those things.
i18n is still unclear, but I see there is a sessionHooks.hook('fetch') for my second problem.

Here is my config:

oidc: {
    defaultProvider: 'keycloak',
    providers: {
        keycloak: {
            audience: 'account',
            baseUrl: 'http://eeq-sso.local.vici.io/auth/realms/eeq',
            clientId: 'campus-virtuel-nuxt3',
            clientSecret: '',
            redirectUri: 'http://localhost:3000/auth/keycloak/callback',
        },
    },
    session: {
        expirationCheck: true,
        automaticRefresh: true,
    },
    middleware: {
        globalMiddlewareEnabled: true,
        customLoginPage: true,
    },
},

Here is my .env:

NUXT_OIDC_TOKEN_KEY=UVZA2QeeHvJ9SuUbJpNrBUNUXwusJxmakp2DtekMHvvt3r9m
NUXT_OIDC_SESSION_SECRET=fyfutx8Mp4JeKgqa7CX4rCMj2KtVsJxuPmFmsYPqQDZWVNcZ
NUXT_OIDC_AUTH_SESSION_SECRET=KcmJyqyvwaTe3EzQXMQKDWKffXKaaWhgEhY2EbEJyUmd8KBX
#
NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_ID="campus-virtuel-nuxt3"
NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET="37cd4c2c-db90-4781-9c29-ca172a8c30a7"
NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL="http://eeq-sso.local.vici.io/auth/realms/eeq"

Also, maybe I'm misunderstanding something about NUXT_OIDC_TOKEN_KEY, NUXT_OIDC_SESSION_SECRET and NUXT_OIDC_AUTH_SESSION_SECRET because the line in the docs to generate them does not work
await subtle.exportKey('raw', await subtle.generateKey({ name: 'AES-GCM', length: 256, }, true, ['encrypt', 'decrypt'])) and I'm not quite sure what base64_encoded_key means vs 48_characters_random_string.