BattleNet Provider doesn't work (few issues)

[Stono]

Provider type

Battlenet

Environment

  System:
    OS: macOS 12.1
    CPU: (10) arm64 Apple M1 Max
    Memory: 917.94 MB / 32.00 GB
    Shell: 5.8 - /bin/zsh
  Binaries:
    Node: 16.13.0 - ~/.nvm/versions/node/v16.13.0/bin/node
    npm: 8.4.1 - ~/.nvm/versions/node/v16.13.0/bin/npm
  Browsers:
    Brave Browser: 98.1.35.103
    Chrome: 98.0.4758.102
    Firefox: 97.0.1
    Safari: 15.2
  npmPackages:
    next: 12.1.0 => 12.1.0 
    next-auth: 4.2.1 => 4.2.1 

Reproduction URL

Describe the issue

Hi,
The Battlenet provider doesn't seem to work. I've come across two issues so far.

The first is:

https://next-auth.js.org/errors#callback_oauth_error id_token detected in the response, you must use client.callback() instead of client.oauthCallback() RPError: id_token detected in the response, you must use client.callback() instead of client.oauthCallback()

This seems to be resolved by setting idToken: true on the provider.

Once past this part, we get:

[next-auth][error][OAUTH_CALLBACK_ERROR] 
https://next-auth.js.org/errors#oauth_callback_error unexpected iss value, expected undefined, got: https://eu.battle.net/oauth {
  error: {
    message: 'unexpected iss value, expected undefined, got: https://eu.battle.net/oauth',
    stack: 'RPError: unexpected iss value, expected undefined, got: https://eu.battle.net/oauth\n' +
      '    at Client.validateJWT (/Users/Karl.Stoney/git/github/gin/ui/node_modules/openid-client/lib/client.js:924:15)\n' +
      '    at Client.validateIdToken (/Users/Karl.Stoney/git/github/gin/ui/node_modules/openid-client/lib/client.js:765:60)\n' +

The code appears to be comparing the iss from the JWT response to the provider issuer, and they don't match:

{
  at_hash: '...',
  sub: '...',
  aud: '...',
  azp: '...',
  iss: 'https://eu.battle.net/oauth',
  exp: 1645371778,
  iat: 1645285411,
  battle_tag: 'Stono#2158',
  jti: '...'
} 

Issuer {
  authorization_endpoint: 'https://eu.battle.net/oauth/authorize',
  issuer: undefined,
  token_endpoint: 'https://eu.battle.net/oauth/token',
  userinfo_endpoint: 'https://us.battle.net/oauth/userinfo'
}

Not sure how to resolve that one...

If i just hack that part out, the next error I get is:

[next-auth][error][CALLBACK_OAUTH_ERROR] 
https://next-auth.js.org/errors#callback_oauth_error jwks_uri must be configured on the issuer TypeError: jwks_uri must be configured on the issuer

Which again looking at the Issuer makes sense? It's almost like the Issuer object is missing key information that's required to validate the JWT.

How to reproduce

Just configure the Battlenet provider:

export const battleNetProvider = BattleNetProvider({
  clientId: process.env.BATTLENET_CLIENT_ID,
  clientSecret: process.env.BATTLENET_CLIENT_SECRET,
  region: 'EU'
})

Expected behavior

It should work

[devaublanc]

I have the same issue for my FacebookProvider how did you fix it @Stono ?

[Stono]

Check #4015 @devaublanc - basically rewrote the provider. The same exists in the bungie provider too.

Honestly i don't think many of the next-auth out of the box providers work any more as they're drifted from the providers tech implementation.

[balazsorban44]

@Stono you might be right, and we would need all the help we can get to keep them up to date. See #2524 for more information.

I tried my best to update/manually test as many of them as possible so far. Unfortunately, it's nearly impossible to test them in CI as most providers disallow bots. If you have a suggestion on how to do better, we would like to hear! 🙏

[gustavo-maurina]

Any updates on this? I have the same issue and did the same troubleshoot, which had the same results.