Processing Callback section of README not clear to me #150
In general this is not the place to get help about HOW oidc/oauth works. Anyway, you can use this helper to get the callback params object from your express request: https://github.com/panva/node-openid-client/blob/master/README.md#handling-multiple-response-modes You should also have a session middleware to store a randomly generated state that you sent with the authorization request, as that is important to protect yourself from various attacks on oauth. You can also open the passport strategy to get a peek at how it all ties together. This is also a good wip package that abstracts the protocol from you, you may inspire yourself from it: https://github.com/auth0/express-openid-connect
I'm sorry, I don't understand how your response relates to my questions.
Being in a native desktop app does not excuse not having a state imho.
Providing your actual environment and these details would have certainly helped more than repeating that you “just don’t understand”. You must not be surprised to get a response like this with the lack of input and the general assumption this library is consumed from a node web server.
That is of course fair, but I did specify in my original issue report that I am not using a node web server.
You could be not using a lot of things so that information has zero value to me as the person trying to help. Just sayin. Hope it’s clearer to you now.
OK, I got around to trying this out and it was pretty easy after all; I just had to think about it a bit more. I'm commenting it here anyways in case anyone else comes across this issue. The second parameter is an object with the actual values returned in the callback querystring. The third parameter is an object with the expected values to be verified. In my case, this was the Snippet:
Thanks for the great library.
The Processing Callback README section is as follows:

What is `session[authorizationRequestState]`? I understand the `state` and `response_type` parameters (I suppose here the `response_type` would be `token` or `token id_token`?), but what is `request.query`? Does this method actually perform the request to the authorization endpoint and handle the callback, or just the second part?

All the examples of this library's usage I've found are from the server side, using this library together with `passport` and a `Strategy`, and don't actually need `client.authorizationCallback`.

I want to use the library from a native application, where I'm not using passport, and don't have any kind of session cookie (I do have my `state` and `nonce`).

I have the steps up to the authorization callback working fine, but am stuck on this step, in particular what to pass for `request.query`.

Please let me know if this is supported and how I can use it!
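
As an added illustration (not code from this thread or from openid-client), this sketch shows how a native app can turn the redirect URL it captured into the "actual values" object and compare it with the expected `state` and `response_type` it kept in memory. The function names, the loopback URL and the sample values are assumptions made for the example.

```javascript
// Added illustration; not openid-client code. Function names are hypothetical.

// Build the "actual values" object from the URL the native app was redirected to.
// Code flow returns parameters in the query string; response types containing
// token or id_token return them in the fragment by default.
function callbackParamsFromUrl(redirectedTo) {
  const url = new URL(redirectedTo);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ''));
  const source = [...fragment.keys()].length > 0 ? fragment : url.searchParams;
  const params = {};
  for (const [key, value] of source) {
    // A repeated parameter is ambiguous, so reject it instead of picking one.
    if (Object.prototype.hasOwnProperty.call(params, key)) {
      throw new Error(`duplicate callback parameter: ${key}`);
    }
    params[key] = value;
  }
  return params;
}

// Compare the actual values with the expected ones the app kept in memory
// when it built the authorization request (no session cookie needed).
// The nonce is compared against a claim inside the ID token, which this
// sketch does not decode.
function checkCallback(params, expected) {
  if (params.error) throw new Error(`authorization error: ${params.error}`);
  if (!expected.state) throw new Error('no expected state to compare against');
  if (params.state !== expected.state) throw new Error('state mismatch');
  for (const type of expected.response_type.split(' ')) {
    const returned = type === 'token' ? 'access_token' : type;
    if (!params[returned]) throw new Error(`${returned} missing from response`);
  }
  return params;
}

// Constructed sample redirect (loopback listener, made-up values).
const sample = 'http://127.0.0.1:8400/cb?code=abc123&state=st-constructed-1';
const actual = callbackParamsFromUrl(sample);
checkCallback(actual, { state: 'st-constructed-1', response_type: 'code' });
console.log(actual);
```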