bug: organization token is the same between orgs
Describe the bug
Scenario: a user has two linked organizations and requests organization tokens using the SDK. Problem: the token returned for the two organizations is the same. When decrypted, the value in aud, which ends with the organization id, is the same.
Expected behavior
In the organization tokens array we get different tokens for different organizations.
How to reproduce?
Logto Config
// Logto config (libraries/logtoConfig.ts)
import { UserScope } from "@logto/next";
import { getLogtoContext } from "@logto/next/server-actions";
import { redirect } from "next/navigation";

export const logtoConfig = {
  appId: process.env.LOGTO_APP_ID as string,
  cookieSecure: process.env.NODE_ENV === "production",
  baseUrl: process.env.LOGTO_BASE_URL as string,
  endpoint: process.env.LOGTO_ENDPOINT as string,
  appSecret: process.env.LOGTO_APP_SECRET as string,
  cookieSecret: process.env.LOGTO_COOKIE_SECRET as string,
  // API resource the access token is requested for
  resources: ["http://localhost:8001/"],
  scopes: [
    UserScope.Email,
    UserScope.Phone,
    UserScope.CustomData,
    UserScope.Identities,
    // Needed so the context carries the user's organizations and organization tokens
    UserScope.Organizations,
  ],
};

export const getUser = async () => {
  const context = await getLogtoContext(logtoConfig, {
    fetchUserInfo: true,
    getAccessToken: true,
    resource: "http://localhost:8001/",
    // Request one token per organization the user belongs to
    getOrganizationToken: true,
  });
  if (!context.isAuthenticated || !context.accessToken) {
    return redirect("/login");
  }
  return {
    accessToken: context.accessToken,
    ...context,
  };
};

// Login route (Next.js route handler)
import { signIn } from "@logto/next/server-actions";
import { logtoConfig } from "../../../../libraries/logtoConfig";

export async function GET(request: Request) {
  await signIn(logtoConfig);
}

// Callback route (Next.js route handler)
import { handleSignIn } from "@logto/next/server-actions";
import { redirect } from "next/navigation";
import { NextRequest } from "next/server";
import { logtoConfig } from "../../../../libraries/logtoConfig";

export async function GET(request: NextRequest) {
  const searchParams = request.nextUrl.searchParams;
  await handleSignIn(logtoConfig, searchParams);
  redirect("/");
}
When the user is logged in we print it. The output value is
{
...,
"organizationTokens": {
"qyallvg2duq4": "eyJhbGciOiJFUzM4NCIsInR5cCI6ImF0K2p3dCIsImtpZCI6InVSQVhTS0hfaVNiWU1ncHRTbGFqMnozeWZxYWphcDJjbUNVMzVPRFluaHMifQ.eyJqdGkiOiJERFFNVTJNcGJIcTQ0dkU4aExLZHkiLCJzdWIiOiJrenkweG43c2Q0OGoiLCJpYXQiOjE3MTM3NzU4NjEsImV4cCI6MTcxMzc3OTQ2MSwic2NvcGUiOiJwYXltZW50czpyZWFkIiwiY2xpZW50X2lkIjoicndmcWt2NWNveDFrN25xcHFrZWdjIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDozMzAxL29pZGMiLCJhdWQiOiJ1cm46bG9ndG86b3JnYW5pemF0aW9uOnF5YWxsdmcyZHVxNCJ9.MiIYdVsXSkyuqeH_bG1sW8P1g3V5VLeNU5BIKUWj3CnFErpKqvgQ_PwTTM2ql7JjqnmVKOAKxecTjCPFco4F0Mj_sGCIw4YXaTMvT_kah_xjt5WgYhZRUwq2kB-ARZf5",
"wg87wjmt9v1z": "eyJhbGciOiJFUzM4NCIsInR5cCI6ImF0K2p3dCIsImtpZCI6InVSQVhTS0hfaVNiWU1ncHRTbGFqMnozeWZxYWphcDJjbUNVMzVPRFluaHMifQ.eyJqdGkiOiJERFFNVTJNcGJIcTQ0dkU4aExLZHkiLCJzdWIiOiJrenkweG43c2Q0OGoiLCJpYXQiOjE3MTM3NzU4NjEsImV4cCI6MTcxMzc3OTQ2MSwic2NvcGUiOiJwYXltZW50czpyZWFkIiwiY2xpZW50X2lkIjoicndmcWt2NWNveDFrN25xcHFrZWdjIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDozMzAxL29pZGMiLCJhdWQiOiJ1cm46bG9ndG86b3JnYW5pemF0aW9uOnF5YWxsdmcyZHVxNCJ9.MiIYdVsXSkyuqeH_bG1sW8P1g3V5VLeNU5BIKUWj3CnFErpKqvgQ_PwTTM2ql7JjqnmVKOAKxecTjCPFco4F0Mj_sGCIw4YXaTMvT_kah_xjt5WgYhZRUwq2kB-ARZf5"
}
}
Context
"@logto/next": "^3.2.1", Application: Next.Js with server actions
- [ ] Logto Cloud
- [X] Self-hosted, Logto version = v1.15.0
- [X] Container (Docker image)
- [ ] Raw Node.js
I can reproduce the same with the Next server actions sample project. Please take a look when you have time @wangsijie
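A small consumer-side check for the symptom reported above, added here as an example; it is not code from the issue, from the reporter's project, or from the @logto/next SDK. It base64url-decodes the payload of each token in an `organizationTokens` map and confirms that the `aud` claim is `urn:logto:organization:<orgId>` for the key the token is stored under (the format visible in the decoded output above), and that no two organizations share one token. The org ids `orgA`/`orgB`, the `makeUnsignedToken` helper and the sample maps are constructed for the demonstration; the tokens it builds carry a placeholder signature, so this only inspects claims and does not replace signature verification on the API side.

```javascript
// Added example: detect organization tokens whose `aud` does not match the
// organization they were issued for, or that are duplicated across organizations.
// Claims are decoded, not verified; signature checks belong to the resource server.

function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWS: expected 3 dot-separated segments");
  }
  // base64url -> base64, then restore padding to a multiple of 4
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns org ids whose token is not bound to them (`mismatched`) and org ids
// that received a token already handed to another org (`duplicated`).
function checkOrganizationTokens(organizationTokens) {
  const mismatched = [];
  const duplicated = [];
  const seen = new Map(); // token string -> first org id it appeared under
  for (const [orgId, token] of Object.entries(organizationTokens)) {
    const claims = decodeJwtPayload(token);
    const expectedAud = `urn:logto:organization:${orgId}`;
    // `aud` may be a string or an array per RFC 7519; normalise to an array
    const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
    if (!aud.includes(expectedAud)) mismatched.push(orgId);
    if (seen.has(token)) duplicated.push(orgId);
    else seen.set(token, orgId);
  }
  return {
    mismatched,
    duplicated,
    ok: mismatched.length === 0 && duplicated.length === 0,
  };
}

// Constructed helper: builds an unsigned token (placeholder signature segment)
// so the check can be exercised offline; not how Logto mints tokens.
function makeUnsignedToken(claims) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj))
      .toString("base64")
      .replace(/\+/g, "-")
      .replace(/\//g, "_")
      .replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "at+jwt" })}.${enc(claims)}.sig`;
}

// Constructed samples (org ids are hypothetical). `buggySample` mirrors the
// issue's output: both organizations got the token minted for the first one.
const tokenForOrgA = makeUnsignedToken({
  sub: "user1",
  aud: "urn:logto:organization:orgA",
  jti: "j1",
});
const buggySample = { orgA: tokenForOrgA, orgB: tokenForOrgA };
const healthySample = {
  orgA: tokenForOrgA,
  orgB: makeUnsignedToken({
    sub: "user1",
    aud: "urn:logto:organization:orgB",
    jti: "j2",
  }),
};

console.log(checkOrganizationTokens(buggySample)); // mismatched/duplicated: ["orgB"]
console.log(checkOrganizationTokens(healthySample)); // ok: true
```

Fed the real `organizationTokens` object printed above, `checkOrganizationTokens` would flag `wg87wjmt9v1z` as both mismatched and duplicated, since its token's `aud` names `qyallvg2duq4`. Rejecting such a map before a token is sent to the resource server keeps the race from silently acting on the wrong organization.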
There is a bug when we make concurrent requests for granting organization tokens.
https://github.com/logto-io/js/pull/712