I’ve got a ‘simple’ Express + Node.js + EJS Serverless application that I’m attempting to put behind authentication. I’m following the Okta-Hosted Login Page Example; having downloaded that example, I can confirm our Okta setup is correct, as I used the same Client ID and Client Secret that I created for my intended application.
Using the oidc-middleware appears to work but I get the following error when I navigate to /login:
Error: did not find expected authorization request details in session, req.session["oidc:https://_URL_/oauth2/default"] is undefined
I get the same error on a route that is protected via oidc.ensureAuthenticated().
This is a simplified app.js:
const _ = require('lodash');
const { createReadStream } = require('fs');
const express = require('express');
const session = require('express-session');
const path = require('path');
const bodyParser = require('body-parser');
const { ExpressOIDC } = require('@okta/oidc-middleware');
// OIDC client credentials. The literals are placeholders from the post; in a
// real deployment the client secret should come from the environment or a
// secret manager rather than being committed with the source.
const clientID = 'CLIENT_ID';
const clientSecret = 'SECRET';
const app = express();
// Okta OIDC middleware instance; it supplies oidc.router and the
// oidc.on(...) events used further down in this file.
const oidc = new ExpressOIDC({
  // Authorization server. The session key in the reported error
  // ("oidc:https://.../oauth2/default") is "oidc:" followed by this issuer URL.
  issuer: 'https://tempus.oktapreview.com/oauth2/default',
  client_id: clientID,
  client_secret: clientSecret,
  // Callback the browser is sent back to after the Okta-hosted login. Plain
  // http is only reasonable on localhost; use https for any deployed URL.
  // NOTE(review): presumably this must match a redirect URI registered on the
  // Okta application, and the port must match the local server port — confirm.
  redirect_uri: 'http://localhost:4500/authorization-code/callback',
  scope: 'openid profile',
});
// Session middleware. The reported error shows oidc-middleware looking for the
// pending authorization request under req.session["oidc:<issuer>"], so the
// session has to survive between the request that starts the login and the
// request that completes it.
// NOTE(review): no `store` option is passed, so express-session uses its
// default in-process MemoryStore. Under Lambda / serverless-offline two
// consecutive requests are not guaranteed to reach the same process, which
// would leave that session key undefined — likely the cause here; confirm by
// testing with a shared session store.
app.use(session({
  // Signs the session ID cookie. Placeholder value: load a long random secret
  // from configuration instead of hard-coding it.
  secret: 'this-should-be-very-random',
  resave: false,
  // Do not persist (or set a cookie for) sessions that were never modified.
  saveUninitialized: false,
  // Empty object keeps express-session's cookie defaults (httpOnly on,
  // secure off). secure must stay off for http://localhost, but should be
  // enabled once the app is served over HTTPS.
  cookie: {},
}));
// Registered after session() so the OIDC routes can read and write req.session.
app.use(oidc.router);
// Drop the X-Powered-By response header so the framework is not advertised.
app.disable('x-powered-by');
// strict: false lets the JSON parser accept any JSON value, not only objects
// and arrays.
app.use(bodyParser.json({ strict: false }));
// extended: true parses nested objects out of urlencoded bodies.
app.use(bodyParser.urlencoded({ extended: true }));
app.set('views', path.join(__dirname, 'app/views'));
app.set('view engine', 'ejs');
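/**
 * GET / — logs request details and the login state, then renders the
 * `dashboard` view.
 *
 * NOTE(review): this route is not wrapped in oidc.ensureAuthenticated(), so
 * the dashboard is rendered for anonymous visitors as well; req.userContext
 * only changes which line is logged.
 *
 * @param {object} req - Express request; req.userContext is set when the
 *   visitor has an authenticated session.
 * @param {object} res - Express response.
 */
app.get('/', async (req, res) => {
  try {
    // Troubleshooting output only. Cookie values carry the session
    // identifier, so raw cookie logging should not outlive local debugging.
    // No cookie-parser middleware is registered in this file, so req.cookies
    // is expected to print as undefined.
    console.log('Cookies: ', req.cookies);
    console.log('params: ', req.params);
    console.log('query: ', req.query);

    if (req.userContext) {
      console.log('!!!!!!userContext so logged in!!!!!!');
      // If re-enabled, HTML-escape the name before writing it into markup.
      // res.send(`Hello ${req.userContext.userinfo.name}! <a href="logout">Logout</a>`);
    } else {
      console.log('!!!!!!no userContext not logged in!!!!!!');
      // res.send('Please <a href="/login">login</a>');
    }

    const data = { test: 'foo' };
    // groupedResults and keys are not defined in this simplified listing;
    // presumably they are computed in the full application.
    data.testRuns = groupedResults;
    data.keys = keys;
    res.render('dashboard', { data });
  } catch (e) {
    // logger is not defined in this simplified listing either — presumably
    // the application's own error reporter.
    logger.fireError(e);
    // Always answer the request: without a response the client would wait
    // until the gateway times out. Keep the body generic so no error detail
    // reaches the browser.
    if (!res.headersSent) {
      res.status(500).send('Internal Server Error');
    }
  }
});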
// Runs once ExpressOIDC emits 'ready'. listen() is called without a port or
// callback.
// NOTE(review): the Lambda entry file hands this app directly to
// serverless-http, so this listener does not appear to be what serves
// requests there — confirm whether it is needed.
const startListening = () => {
  app.listen();
};

// Runs when ExpressOIDC emits 'error': log the stack, then rethrow so a
// broken OIDC configuration fails loudly instead of serving requests.
const failOnOidcError = (err) => {
  console.log('Unable to configured ExpressOIDC', err.stack);
  throw err;
};

oidc.on('ready', startListening);
oidc.on('error', failOnOidcError);

// Exported unconditionally, i.e. without waiting for the 'ready' event.
module.exports = app;
The app is launched via the following:
const serverless = require('serverless-http');
const app = require('./app');
// Lambda entry point: serverless-http adapts each incoming event into a call
// on the Express app. Nothing here shares state between invocations, so any
// in-memory session data lives only as long as the process that handled the
// request.
const handler = serverless(app);
module.exports.handler = handler;
Locally the app is started via:
# Run the app locally through the serverless-offline plugin. Port 4500 is the
# same port used in the redirect_uri configured in app.js.
sls offline start --port 4500
Up to now, there has been no conflict between the Express app and Serverless, which is basically just acting as a proxy.