Error: did not find expected authorization request details in session

Questions
1

I’m trying to reproduce the sample Express app shown here:

However, after signing in, I am getting this error:

Error: did not find expected authorization request details in session, req.session["oidc:https://dev-08777203.okta.com//oauth2/default"] is undefined
    at C:\my_stuff\okta_test\node_modules\openid-client\lib\passport_strategy.js:126:13
    at OpenIDConnectStrategy.authenticate (C:\my_stuff\okta_test\node_modules\openid-client\lib\passport_strategy.js:174:5)
    at attempt (C:\my_stuff\okta_test\node_modules\passport\lib\middleware\authenticate.js:366:16)
    at authenticate (C:\my_stuff\okta_test\node_modules\passport\lib\middleware\authenticate.js:367:7)
    at Layer.handle [as handle_request] (C:\my_stuff\okta_test\node_modules\express\lib\router\layer.js:95:5)
    at trim_prefix (C:\my_stuff\okta_test\node_modules\express\lib\router\index.js:317:13)
    at C:\my_stuff\okta_test\node_modules\express\lib\router\index.js:284:7
    at Function.process_params (C:\my_stuff\okta_test\node_modules\express\lib\router\index.js:335:12)
    at next (C:\my_stuff\okta_test\node_modules\express\lib\router\index.js:275:10)
    at SessionStrategy.strategy.pass (C:\my_stuff\okta_test\node_modules\passport\lib\middleware\authenticate.js:343:9)

Here is what my app.js file looks like:

require('dotenv').config()

var createError = require('http-errors');
var express = require('express');
const session = require('express-session');
const { ExpressOIDC } = require('@okta/oidc-middleware');

var app = express();

const sessionConfig = {
  secret: process.env.APP_SECRET,
  resave: true,
  saveUninitialized: false
}

const oidc = new ExpressOIDC({
  issuer: `${process.env.OKTA_ORG_URL}/oauth2/default`,
  client_id: process.env.OKTA_CLIENT_ID,
  client_secret: process.env.OKTA_CLIENT_SECRET,
  appBaseUrl: process.env.HOST_URL,
  scope: 'openid profile'
});

app.use(session(sessionConfig));
app.use(oidc.router);

app.get('/', (req, res) => {
  if (req.userContext) {
    res.send(`
      Hello ${req.userContext.userinfo.name}!
      <form method="POST" action="/logout">
        <button type="submit">Logout</button>
      </form>
    `);
  } else {
    res.send('Please <a href="/login">login</a>');
  }
});

module.exports = app;
2

Hello! You have two forward slashes in the URL after the top level domain. Could be the root of your issue.

3

Good eye! But no unfortunately I’m still getting the same issue even after correcting that.

4

@Cale is there any chance that the “default” Authorization Server needs to be configured in a different way? It currently has all default values. Is there a way I can test to see whether or not the issue is on that end?

5

@andrew_plowright It shouldn’t have to do with your auth server config.

I just setup the sample myself and am not having issues. I see someone else had a similar issue at one point, perhaps their solution would help in your case?

Another option is to check out running auth-js in node here: okta-auth-js/samples/generated/express-web-with-oidc at master · okta/okta-auth-js · GitHub

1 Like