Prerequisites
Issue
Hi,
I am trying to use fastify-passport with openid-client and fastify/secure-session. I am able to use it with simple routing. But if I try to forward a URL so that the OIDC callback knows where to lead the user after login, I am stuck, since I cannot pass on the returnTo value.
I have two routes. The connect route redirects the user to the foreign OIDC provider login page. After login, the user will be redirected to my callback route.
I have tried two variants to get the returnTo variable to the callback. My session will stay undefined and the state value will have a random string.
```js
fastify.get(
  `/connect`,
  function (request, reply) {
    // variant 1 - state oidc standard
    const state = request.querystring.returnTo
    // variant 2 - use session
    request.session.set('returnTo', request.querystring.returnTo)
    return fastify.passport
      .authenticate([provider], {
        failureRedirect: '/login?status=notauthorized',
        authInfo: false,
        keepSessionInfo: true,
        state,
      })
      .call(this, request, reply)
  },
)
fastify.get(
  `/connect/callback`,
  {
    preValidation: fastify.passport.authenticate([provider], {
      authInfo: false,
    }),
  },
  async (request, reply) => {
    console.log(request.session.get('returnTo')) // undefined
    console.log(request.query?.state) // some random string
    if (request.user) {
      reply.redirect(returnTo)
    } else {
      reply.redirect('/login')
    }
  },
)
```
My Variant 1 approach - using state of OIDC does not seem to work, since the provider does not have PKCE, therefore a nonce and state value will be used by openid-client.
My Variant 2 approach using session returns undefined.
I already had to patch the passport file of openid-client to allow use of specified query param:
authenticate(req, options) {
...
const currentUrl = this.currentUrl(req);
+ /** delete returnTo query param */
+ currentUrl.searchParams.delete('returnTo')
if ((req.method === 'GET' && currentUrl.searchParams.size === 0) ||
}
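Review bot: The `currentUrl.searchParams.delete('returnTo')` line sits ahead of the `req.method === 'GET' && currentUrl.searchParams.size === 0` check and runs on every `authenticate` call, so it also strips a `returnTo` parameter from the callback request, and it hard-codes an application-specific parameter name into a patched library file that has to be re-applied after each upgrade. Consider keeping `returnTo` out of the URL the strategy inspects, or making the ignored parameter names a strategy option, so the library's check on the query string stays unmodified.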
So I am not able to pass information from one route to another. Am I missing something concerning using the session? I guess I lose it, because the remote server and not my web client is calling the callback function. But the state approach is not helping either.
Awaiting changes on the openid-client side won't be fruitful (panva/openid-client#747).
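Whichever variant ends up carrying the value, the callback above finishes with `reply.redirect(returnTo)` on a string that started life in the `/connect` query string. The following added example (not code from this issue, fastify-passport or openid-client) shows one way to restrict that value to a local path before redirecting; `safeReturnTo` and `BASE` are hypothetical names and the origin is a constructed placeholder.

```javascript
// Added example, not part of the original issue.
// BASE is a constructed placeholder origin, used only to resolve paths.
const BASE = 'https://app.invalid';

// Returns a same-origin path suitable for a post-login redirect,
// or `fallback` when the supplied value is not acceptable.
function safeReturnTo(value, fallback = '/') {
  // Repeated query parameters arrive as arrays: accept one string only.
  if (typeof value !== 'string' || value.length === 0 || value.length > 2048) {
    return fallback;
  }
  // Must be a path. Backslashes and control characters are rejected
  // because URL parsers may rewrite or drop them, yielding "//host".
  if (!value.startsWith('/') || /[\\\u0000-\u001f\u007f]/.test(value)) {
    return fallback;
  }
  let url;
  try {
    url = new URL(value, BASE);
  } catch {
    return fallback;
  }
  // "//other.example/x" is scheme-relative and resolves to another origin.
  if (url.origin !== BASE) return fallback;
  // Never send the user straight back into the login routes of this page.
  if (url.pathname === '/connect' || url.pathname.startsWith('/connect/')) {
    return fallback;
  }
  // Rebuild from parsed parts so dot segments are already normalised.
  return url.pathname + url.search + url.hash;
}
```

In the callback this would be applied to whatever was recovered from the session or state, for example `reply.redirect(safeReturnTo(request.session.get('returnTo')))`.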