
OAuth with Okta works but I receive an ECONNREFUSED 127.0.0.1:80 just after the token and finally auth fails #2440

Closed
romain-aragon opened this issue Aug 30, 2021 · 4 comments

Comments

@romain-aragon

Steps to reproduce

I've already implemented Google and Auth0 OAuth authentication, and I have difficulties with Okta.
Here is a part of default.json:

"oauth": {
  "redirect": "http://localhost:8080/sso/",

  "okta": {
    "key": "the key",
    "secret": "the secret",
    "subdomain": "dev-xxxxxxx",
    "state": true,
    "scope": ["openid", "profile", "email"]
  }
},

Actual behavior

It seems the auth process is working on the Okta side; here is some debug output:

@feathersjs/authentication-oauth/express Calling undefined.create authentication with strategy okta +8m
@feathersjs/authentication/base Running authenticate for strategy okta [ 'okta' ] +5ms
@feathersjs/authentication-oauth/strategy getProfile of oAuth profile from grant-profile with {
  strategy: 'okta',
  id_token: {
    header: {
      kid: 'RfB8iJHozLYMk1YvXsqlPqGDkMF4MHe8LR7KLWOyYmI',
      alg: 'RS256'
    },
    payload: {
      sub: '00u1m3gs53QQKdSyO5d7',
      name: 'Devops Visult',
      email: 'devops@visult.io',
      ver: 1,
      iss: 'https://dev-xxxxxxx.okta.com',
      aud: '0oa1m4au4c74Xz2gH5d7',
      iat: 1630313832,
      exp: 1630317432,
      jti: 'ID.blablabla',
      amr: [Array],
      idp: '0someid',
      preferred_username: 'devops@visult.io',
      auth_time: 1630305434,
      at_hash: 'gKTe9cY79_5gj8-TVDNrGg'
    },
    signature: 'BKIc...A'
  },
  access_token: 'eyJra...mfbPg',
  raw: {
    token_type: 'Bearer',
    expires_in: 3600,
    access_token: 'eyJra...bPg',
    scope: 'openid profile email',
    id_token: 'eyJ...A'
  }
} +8m

But just after:

@feathersjs/authentication-oauth/express Received oAuth authentication error Error: connect ECONNREFUSED 127.0.0.1:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16) +16ms

Then the auth process returns a failure to the client (localhost:8080).

@romain-aragon
Author

romain-aragon commented Aug 30, 2021

Additional information: I tried running a web page on 127.0.0.1:80.
Now I don't get the connection error, but I receive the web page as the username param in the findEntity method:

import { OAuthStrategy } from '@feathersjs/authentication-oauth';

class OktaStrategy extends OAuthStrategy {
  async findEntity(username: any, params: any) {
    // Log what is handed to us as the profile
    console.log('OktaStrategy findEntity username(%o)', username);  // here I see the page from 127.0.0.1:80 !!!

    return await super.findEntity(username, params);
  }
}

@martigasco

Hi! Did you manage to solve this or find out where the issue is coming from? We're facing the exact same situation here.

@romain-aragon
Author

Yes, I have a working solution, but I don't remember exactly what I did (it was a long time ago now).
Params are:

"okta": {
  "key": "my key",
  "secret": "the secret",
  "profile_url": "https://dev-XXXXX.okta.com/oauth2/v1/userinfo",
  "dynamic": ["prompt", "login_hint"],
  "subdomain": "dev-XXXXX",
  "state": true,
  "scope": ["openid", "profile", "email"]
},

It seems I have no specific code regarding profile_url... so it could be a standard param.

import { OAuthStrategy } from '@feathersjs/authentication-oauth';
import { Forbidden } from '@feathersjs/errors';
// `app` (the Feathers application) and `logger` come from the application's own modules.

class OktaStrategy extends OAuthStrategy {
  id_token?: string;

  async getProfile(data: any, params: any) {
    const payload = (data && data.id_token && data.id_token.payload) ? data.id_token.payload : null;
    if (!payload && data && data.error) {
      // Okta answered with an error instead of a token
      const msg = data.error.error === 'login_required' ? 'user.require.interaction' : data.error.error;
      throw new Forbidden(msg);
    }

    // Use payload given by Okta
    this.id_token = data.raw.id_token;
    // 127.0.0.1:80 REFUSED
    const baseData = await super.getProfile(data, params).catch((err: any) => {
      console.log('================OktaStrategy getProfile ERROR %o', err);
      return null;
    });
    return baseData ? baseData : data.id_token.payload;
  }

  async findEntity(username: any, params: any) {
    let user = await super.findEntity(username, params);
    if (!user) {
      // No user linked to this Okta id yet: look one up by email and store the link
      const serviceUser = app.service('users');
      const payload: any = await serviceUser
        .find({ query: { email: username.email }, limit: 1 })
        .catch((err: any) => { logger.error(err); return null; });
      let users: any[] = [];
      if (payload && payload.data) users = payload.data;
      if (users.length > 0) {
        user = users[0];
        console.log('OktaStrategy findEntity username(%o) BY MAIL user(%o)', username, user);
        user.oktaId = username.sub;
        await serviceUser._patch(user._id, { oktaId: user.oktaId }).catch((err: any) => { logger.error(err); return null; });
      }
    }

    if (!user) throw new Forbidden('user.not.found|' + username.email);
    return user;
  }
}
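The two halves of this thread, the okta block that was in place when the ECONNREFUSED 127.0.0.1:80 error appeared and the later getProfile override that falls back to data.id_token.payload when the profile fetch fails, both benefit from a check before anything is trusted. The TypeScript below is an added example, not code from the issue, feathersjs or grant: it assumes a config object shaped like the okta blocks posted above (key, secret, subdomain, profile_url, scope), and it uses the iss, aud, sub, iat and exp values from the debug output as constructed sample data. checkOktaConfig reports a missing or mismatched profile_url at startup; checkIdTokenClaims lists the claim checks an app should run before accepting a decoded id_token payload as the profile. Signature verification against the org's JWKS is assumed to happen elsewhere and is not implemented here.

```typescript
// Added example, not code from the issue, feathersjs or grant. It checks the
// Okta block of an oauth config and the claims of a returned id_token before
// either is trusted. Field names mirror the config posted in the issue.

interface OktaConfig {
  key: string;          // OAuth client id
  secret: string;       // OAuth client secret
  subdomain: string;    // bare Okta org subdomain, e.g. dev-xxxxxxx
  profile_url?: string; // userinfo endpoint, present only in the working config
  scope: string[];
  state?: boolean;
  dynamic?: string[];
}

interface IdTokenPayload {
  iss: string;
  aud: string | string[];
  iat: number;
  exp: number;
  sub: string;
  [claim: string]: unknown;
}

// Issuer of the org authorization server for the configured subdomain.
function expectedIssuer(cfg: OktaConfig): string {
  return `https://${cfg.subdomain}.okta.com`;
}

// Returns the problems found in the config; an empty list means it looks sound.
// A missing profile_url is reported because the reporter's first config lacked it
// and the profile fetch then went to 127.0.0.1:80 rather than to Okta.
function checkOktaConfig(cfg: OktaConfig): string[] {
  const problems: string[] = [];
  if (!cfg.key || !cfg.secret) problems.push('key and secret must be set');
  if (!/^[a-z0-9-]+$/i.test(cfg.subdomain)) problems.push('subdomain must be a bare Okta subdomain, not a URL');
  if (!cfg.profile_url) {
    problems.push('profile_url is missing; set it to the userinfo endpoint of the Okta org');
  } else {
    // Plain regex instead of the URL class so this runs under any TS lib setting.
    const m = /^(https?):\/\/([^\/?#:]+)(?::\d+)?(?:[\/?#].*)?$/.exec(cfg.profile_url);
    if (!m) problems.push('profile_url is not an absolute URL');
    else if (m[1] !== 'https') problems.push('profile_url must use https');
    else if (m[2] !== `${cfg.subdomain}.okta.com`) problems.push(`profile_url host ${m[2]} does not belong to subdomain ${cfg.subdomain}`);
  }
  if (cfg.scope.indexOf('openid') === -1) problems.push('scope must include openid to receive an id_token');
  return problems;
}

// Claim checks to run before using id_token.payload as a fallback profile, as the
// getProfile override in the thread does. Signature verification against the
// org's JWKS is assumed to happen elsewhere; this function does not perform it.
function checkIdTokenClaims(payload: IdTokenPayload, cfg: OktaConfig, nowSeconds: number, skewSeconds = 60): string[] {
  const problems: string[] = [];
  if (payload.iss !== expectedIssuer(cfg)) problems.push(`unexpected issuer ${payload.iss}`);
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (aud.indexOf(cfg.key) === -1) problems.push('aud does not contain our client id (key)');
  if (typeof payload.exp !== 'number' || payload.exp + skewSeconds < nowSeconds) problems.push('id_token is expired');
  if (typeof payload.iat !== 'number' || payload.iat - skewSeconds > nowSeconds) problems.push('id_token issued in the future');
  if (typeof payload.sub !== 'string' || payload.sub.length === 0) problems.push('sub is missing');
  return problems;
}

// Constructed sample data. The two configs follow the first (failing) and the
// later (working) okta blocks from the thread; the claims come from the debug output.
const brokenConfig: OktaConfig = {
  key: '0oa1m4au4c74Xz2gH5d7',
  secret: 'the secret',
  subdomain: 'dev-xxxxxxx',
  state: true,
  scope: ['openid', 'profile', 'email'],
};

const fixedConfig: OktaConfig = {
  ...brokenConfig,
  profile_url: 'https://dev-xxxxxxx.okta.com/oauth2/v1/userinfo',
  dynamic: ['prompt', 'login_hint'],
};

const samplePayload: IdTokenPayload = {
  sub: '00u1m3gs53QQKdSyO5d7',
  iss: 'https://dev-xxxxxxx.okta.com',
  aud: '0oa1m4au4c74Xz2gH5d7',
  iat: 1630313832,
  exp: 1630317432,
};

console.log(JSON.stringify({
  brokenConfig: checkOktaConfig(brokenConfig),
  fixedConfig: checkOktaConfig(fixedConfig),
  claims: checkIdTokenClaims(samplePayload, fixedConfig, 1630314000),
}, null, 2));
```

Running the block prints one problem for the first config (the missing profile_url), none for the second, and no claim problems for the sample payload when checked at a clock value inside its iat/exp window. The claim checks are independent of grant: whatever library produces the decoded id_token, iss, aud and exp still have to be compared against the app's own configuration before the payload is used to look up or link a user.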

@daffl
Member

daffl commented Sep 27, 2023

This should also be working now with the new v5 oAuth.

@daffl daffl closed this as completed Sep 27, 2023