Adam Mcgrath

Added some unit tests because I had some around anyway and was able to reduce the validator code because Authlib 1.0 is out

Am going to leave this in draft mode for a bit so I can point the old QS to master and the new QS to this

Hi @andrewhamili - have a look at https://github.com/auth0/node-oauth2-jwt-bearer/issues/69#issuecomment-1191185036

Hi @d3vv3 - thanks for your suggestion. Do you have any opinions on how this SDK (or your app) would invalidate the session upon receiving the logout event?

Thanks for that @d3vv3 > On the meantime, how can I access the private key to verify it on my own? You use a public key to verify the token...

Hi @fabsev - thanks for raising this I'm not able to reproduce your issue on the basic app against the default oidc-provider, see https://github.com/auth0/express-openid-connect/compare/test-at If you provide a reproducible example...

@d3vv3 - thanks for your suggestion > My issue was that I specified authRequired: false so adding requiresAuth() before my middleware did the trick: oidc is now present when that...

Thanks for the info @d3vv3 > I was not getting anything on req.oidc other than ResponseSomething {} (emty), so I did that as a workaround and it works. I'm not...

> I have added console.log(req.oidc) on the first line in the / path. It prints RequestContext {} ES6 class getters are not enumerable, so this is expected, eg try `node...

Closing, as I believe https://github.com/auth0/express-openid-connect/issues/384#issuecomment-1252504902 answers your question