NestJS: Oidc middleware issues

Hey all

My question is extremely similar to Oidc middleware issues: ensureAuthenticated() doesn't work and userinfo isn't set

I am using NestJS and trying to add auth to my app. I am using the @okta/oidc-middlewar package and configuring the middleware based on the guide and readme for adding it into an Express app.

NestJS uses express underneath. I have been struggling for the longest time to achieve a protected route and a login.

My main.ts

export const oidc = new ExpressOIDC({
  issuer: 'my credentials',
  client_id: 'my credentials',
  client_secret: 'my credentials-zp1TcWQL4',
  redirect_uri: 'http://localhost:3001/my-credentials',
  scope: 'openid profile',
  appBaseUrl: 'my url'
});

async function bootstrap(oidc) {
  const app = await NestFactory.create(AppModule);
  // session support is required to use ExpressOIDC
  app.use(session({
    secret: 'this should be secure',
    resave: true,
    saveUninitialized: false
  }));

  // ExpressOIDC attaches handlers for the /login and /authorization-code/callback routes
  app.use(oidc.router);

  app.use(helmet());
  app.use(cookieParser());
  app.enableCors();
  
  oidc.on('ready', async () => {
    await app.listen(3001, () => console.log(`Started!`));
  });
  
  oidc.on('error', err => {
    console.log('Unable to configure ExpressOIDC', err);
  });
}
bootstrap(oidc);

My middleware function

import { oidc } from 'src/main';

export function ensureAuth(req: Request, res: Response, next: Function) {
  oidc.ensureAuthenticated()
  next();
}

And then it is applied in my app.module.ts as per how to use middleware in NestJS

Two issues:

  1. When I try the /login route i get:
    ForbiddenError: invalid csrf token
    {
    “statusCode”: 500,
    “message”: “Internal server error”
    }

  2. The route I wanted protected works as normal and is not protected

Does anyone have suggestions on what I could be doing wrong or any bad assumptions I am making?

Did you solve?
I want a solution and a sample.

Hi,

Would you be able to capture the network traces and email developers@okta.com with the details so that an Engineer can help you troubleshoot the issue ?