OAuth with Okta works, but I receive ECONNREFUSED 127.0.0.1:80 just after the token and finally auth fails
Steps to reproduce
I've already implemented Google and Auth0 OAuth authentication and I have difficulties with Okta. Here is a part of default.json:

```json
"oauth": {
  "redirect": "http://localhost:8080/sso/",
  "okta": {
    "key": "the key",
    "secret": "the secret",
    "subdomain": "dev-xxxxxxx",
    "state": true,
    "scope": ["openid", "profile", "email"]
  }
},
```
Actual behavior
Seems the auth process is working on the Okta side, here is some debug output:

```
@feathersjs/authentication-oauth/express Calling undefined.create authentication with strategy okta +8m
@feathersjs/authentication/base Running authenticate for strategy okta [ 'okta' ] +5ms
@feathersjs/authentication-oauth/strategy getProfile of oAuth profile from grant-profile with {
  strategy: 'okta',
  id_token: {
    header: {
      kid: 'RfB8iJHozLYMk1YvXsqlPqGDkMF4MHe8LR7KLWOyYmI',
      alg: 'RS256'
    },
    payload: {
      sub: '00u1m3gs53QQKdSyO5d7',
      name: 'Devops Visult',
      email: '[email protected]',
      ver: 1,
      iss: 'https://dev-xxxxxxx.okta.com',
      aud: '0oa1m4au4c74Xz2gH5d7',
      iat: 1630313832,
      exp: 1630317432,
      jti: 'ID.blablabla',
      amr: [Array],
      idp: '0someid',
      preferred_username: '[email protected]',
      auth_time: 1630305434,
      at_hash: 'gKTe9cY79_5gj8-TVDNrGg'
    },
    signature: 'BKIc...A'
  },
  access_token: 'eyJra...mfbPg',
  raw: {
    token_type: 'Bearer',
    expires_in: 3600,
    access_token: 'eyJra...bPg',
    scope: 'openid profile email',
    id_token: 'eyJ...A'
  }
} +8m
```
But just after:

```
@feathersjs/authentication-oauth/express Received oAuth authentication error Error: connect ECONNREFUSED 127.0.0.1:80 at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16) +16ms
```

Then the auth process returns a failure to the client (localhost:8080).
Additional information: I tried running a web page on 127.0.0.1:80. Now I don't get the connection error, but I receive the web page as the username param in the findEntity method:

```typescript
import { OAuthStrategy } from '@feathersjs/authentication-oauth';

class OktaStrategy extends OAuthStrategy {
  async findEntity(username: any, params: any) {
    console.log('OktaStrategy findEntity username(%o)', username); // here I see the page from 127.0.0.1:80 !!!
    return await super.findEntity(username, params);
  }
}
```
Hi! Did you manage to solve this or find out where the issue is coming from? We're facing the exact same situation here.
Yes, I have a working solution, but I don't remember exactly what I did (it was a long time ago). Params are:

```json
"okta": {
  "key": "my key",
  "secret": "the secret",
  "profile_url": "https://dev-XXXXX.okta.com/oauth2/v1/userinfo",
  "dynamic": ["prompt", "login_hint"],
  "subdomain": "dev-XXXXX",
  "state": true,
  "scope": ["openid", "profile", "email"]
},
```

Seems I have no specific code regarding profile_url... so it could be a standard param.
```typescript
import { Forbidden } from '@feathersjs/errors';
import { OAuthStrategy } from '@feathersjs/authentication-oauth';
// `app` (the Feathers application) and `logger` are assumed to be in scope in this module.

class OktaStrategy extends OAuthStrategy {
  id_token?: string;

  async getProfile(data: any, params: any) {
    const payload = (data && data.id_token && data.id_token.payload) ? data.id_token.payload : null;
    if (!payload && data && data.error) {
      const msg = data.error.error === 'login_required' ? 'user.require.interaction' : data.error.error;
      throw new Forbidden(msg);
    }
    // Use payload given by Okta
    this.id_token = data.raw.id_token;
    // 127.0.0.1:80 REFUSED
    const baseData = await super.getProfile(data, params).catch((err: any) => {
      console.log('================OktaStrategy getProfile ERROR %o', err);
      return null;
    });
    return baseData ? baseData : data.id_token.payload;
  }

  async findEntity(username: any, params: any) {
    let user = await super.findEntity(username, params);
    if (!user) {
      // No user linked to this Okta id yet: look one up by e-mail and store the Okta id on it
      const serviceUser = app.service('users');
      const payload: any = await serviceUser.find({ query: { email: username.email }, limit: 1 })
        .catch((err: any) => { logger.error(err); return null; });
      let users: any[] = [];
      if (payload && payload.data) users = payload.data;
      if (users.length > 0) {
        user = users[0];
        console.log('OktaStrategy findEntity username(%o) BY MAIL user(%o)', username, user);
        user.oktaId = username.sub;
        await serviceUser._patch(user._id, { oktaId: user.oktaId })
          .catch((err: any) => { logger.error(err); return null; });
      }
    }
    if (!user) throw new Forbidden('user.not.found|' + username.email);
    return user;
  }
}
```
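Because the fallback above uses the decoded id_token payload as the profile when the userinfo call fails, it is worth checking the payload's `iss`, `aud`, `exp` and `iat` against this app's Okta settings before trusting it. The following is an added example, not code from this thread or from Feathers; `profileFromIdToken`, `IdTokenExpectations` and the sample object (modelled on the debug output above, with shortened placeholder values) are constructed for illustration.

```typescript
// Shape of the object the debug output above shows grant handing to getProfile.
interface GrantTokens {
  id_token?: { header: { kid: string; alg: string }; payload: Record<string, any>; signature: string };
  access_token?: string;
  raw?: Record<string, any>;
  error?: { error: string; error_description?: string };
}

// Hypothetical expectations derived from the Okta config (issuer = https://<subdomain>.okta.com, audience = client id).
interface IdTokenExpectations { issuer: string; audience: string; clockSkewSec?: number }

// Returns the id_token payload only if its core claims match what this app expects; throws otherwise.
// Note: this checks claims, not the signature; the token arrived over the back-channel token exchange
// with Okta, and signature verification against Okta's JWKS would be a separate step.
function profileFromIdToken(data: GrantTokens, expect: IdTokenExpectations, nowSec: number): Record<string, any> {
  if (data.error) {
    // Same mapping the thread's getProfile uses for the consent/interaction case
    throw new Error(data.error.error === 'login_required' ? 'user.require.interaction' : data.error.error);
  }
  const payload = data.id_token?.payload;
  if (!payload) throw new Error('no id_token payload in OAuth response');
  const skew = expect.clockSkewSec ?? 60;
  if (payload.iss !== expect.issuer) throw new Error(`unexpected issuer ${payload.iss}`);
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!aud.includes(expect.audience)) throw new Error('id_token was not issued for this client');
  if (typeof payload.exp !== 'number' || payload.exp + skew < nowSec) throw new Error('id_token expired');
  if (typeof payload.iat !== 'number' || payload.iat - skew > nowSec) throw new Error('id_token issued in the future');
  if (typeof payload.sub !== 'string' || payload.sub === '') throw new Error('id_token missing sub');
  return payload;
}

// Constructed sample mirroring the debug output in the issue (secrets replaced by placeholders).
const sampleData: GrantTokens = {
  id_token: {
    header: { kid: 'kid-placeholder', alg: 'RS256' },
    payload: {
      sub: '00u1m3gs53QQKdSyO5d7', email: 'user@example.com', ver: 1,
      iss: 'https://dev-xxxxxxx.okta.com', aud: '0oa1m4au4c74Xz2gH5d7',
      iat: 1630313832, exp: 1630317432, preferred_username: 'user@example.com',
    },
    signature: 'signature-placeholder',
  },
  access_token: 'access-token-placeholder',
  raw: { token_type: 'Bearer', expires_in: 3600, scope: 'openid profile email' },
};

const expectations: IdTokenExpectations = { issuer: 'https://dev-xxxxxxx.okta.com', audience: '0oa1m4au4c74Xz2gH5d7' };
```

Calling `profileFromIdToken(sampleData, expectations, Math.floor(Date.now() / 1000))` in place of the bare `data.id_token.payload` fallback rejects tokens from another tenant, for another client, or past their expiry instead of logging the user in.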
This should also be working now with the new v5 oAuth