[openid support] passport-steam not working because callback doesn't match #38

Open
embiem opened this Issue Aug 5, 2018 · 3 comments

embiem commented Aug 5, 2018

I tried using passport-steam as Strategy, but it doesn't work, because the callback used in passport-strategies.js mismatches what passport-steam uses.

At least that is what I think might be the reason. I'm going to have another look at it this week, but would greatly appreciate any help.

Cheers!

@iaincollins iaincollins added the bug label Aug 11, 2018

Owner

iaincollins commented Aug 11, 2018

Oh no!

That's weird, I haven't seen that before! I thought that was a fixed list of arguments defined as part of the Passport API as everything had been consistent so far.

Hmm I'll think of a way to handle this.

Thanks for raising it!

embiem commented Aug 13, 2018

I think it has something to do with Steam auth being OpenID, while Facebook, Twitter etc. generally use OAuth.

Another problem with OpenID is that it doesn't return an email, which is currently needed in next-auth, right?

Owner

iaincollins commented Aug 13, 2018

Ah, thanks, I'd completely missed it was using OpenID and not OAuth!

Looking at a few examples and the official Passport documentation it looks like it shouldn't be hard to support OpenID as well, the only real difference is it is missing a parameter - it doesn't return a RefreshToken, just an AccessToken – which messes up what next-auth is expecting the order of parameters passed to the callback to be.

This should be relatively easy to accommodate and I'm going to make adding support for OpenID connections a feature request.

Regarding the email, yes it does need a unique email address property for each user, but it's okay if the service doesn't return one.

Some services don't (including Twitter, unless you explicitly enable it), in which case you can return something like ${profile.id}@${service}.localdomain in the getProfile() method for that function. You can also regex for this in the UI (e.g. look for *@twitter.localdomain) to prompt users to provide a real address after sign in, so they can recover their account later if they ever lose access to their OAuth provider account (e.g. if they are locked out, or if they delete that account).

@iaincollins iaincollins added enhancement and removed bug labels Aug 13, 2018

@iaincollins iaincollins changed the title from passport-steam not working because callback doesn't match to [openid support] passport-steam not working because callback doesn't match Aug 13, 2018
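
The two points raised in the last comment (verify callbacks that arrive with a different number of arguments, and a ${profile.id}@${service}.localdomain stand-in when the provider returns no email), as an added example that is not next-auth's code or part of the original thread. All function names are hypothetical, and the argument layouts are assumptions taken from Passport's documented OAuth (accessToken, refreshToken, profile, done) and OpenID (identifier, profile, done) verify signatures; the placeholder check is anchored so a look-alike such as id@twitter.localdomain.example.com is not treated as a placeholder.

```javascript
// Added example: hypothetical helpers, not part of next-auth or Passport.

// Passport passes `done` last and `profile` just before it; what precedes
// them depends on the strategy family (assumed layouts are noted below).
function normalizeVerifyArgs(args) {
  const list = Array.from(args);
  const done = list[list.length - 1];
  const profile = list[list.length - 2];
  if (typeof done !== 'function' || profile === null || typeof profile !== 'object') {
    throw new TypeError('unexpected verify callback arguments');
  }
  const lead = list.slice(0, -2);
  if (lead.length === 2) { // OAuth: (accessToken, refreshToken, profile, done)
    return { kind: 'oauth', accessToken: lead[0], refreshToken: lead[1], profile, done };
  }
  if (lead.length === 1) { // OpenID: (identifier, profile, done)
    return { kind: 'openid', identifier: lead[0], profile, done };
  }
  throw new TypeError(`unsupported verify callback arity: ${list.length}`);
}

// Characters allowed in the generated address; anything else is rejected
// rather than silently embedded in a value later used as a unique key.
const ID_RE = /^[A-Za-z0-9._-]{1,64}$/;
const SERVICE_RE = /^[a-z0-9-]{1,63}$/;
// Anchored at both ends: "x@twitter.localdomain.example.com" must not match.
const PLACEHOLDER_RE = /^[A-Za-z0-9._-]{1,64}@[a-z0-9-]{1,63}\.localdomain$/;

function placeholderEmail(profileId, service) {
  const id = String(profileId);
  const svc = String(service).toLowerCase();
  if (!ID_RE.test(id) || !SERVICE_RE.test(svc)) {
    throw new RangeError('profile id or service name unsafe for a placeholder address');
  }
  return `${id}@${svc}.localdomain`;
}

function isPlaceholderEmail(email) {
  return typeof email === 'string' && PLACEHOLDER_RE.test(email);
}

// Prefer the provider's address (Passport's normalized profile.emails[0].value);
// fall back to the placeholder so every user still has a unique email property.
function resolveEmail(profile, service) {
  const real = profile.emails && profile.emails[0] && profile.emails[0].value;
  return real || placeholderEmail(profile.id, service);
}
```

Accounts for which isPlaceholderEmail() returns true have no deliverable address, so mail-based sign-in or recovery should be withheld from them until the user supplies a real one.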
