Okta oidc-middleware showing not authenticated


#1

Hi,
My team is using the oidc-middleware to handle the authentication for routes in our Node application. We have followed the quickstart guide to get everything set up. Everything works well for accessing the client side of the application: when navigating to the app, we are redirected to the Okta login, then back to the application after the user successfully authenticates.

Our problem occurs when our app tries to load after authentication. We have several requests to routes on our express server that make API requests. We want all of the routes to require authentication, so we are using ‘oidc.ensureAuthenticated()’ for all requests. After the user has logged in and been authenticated, they are rejected for subsequent requests to the APIs in our express server. Here is the oidc-middleware setup and the route configuration:

const oidc = new ExpressOIDC({
	issuer: <our issuer uri>,
	client_id: <our client id>,
	client_secret: <our client secret>,
	redirect_uri: 'http://localhost:3000/authorization-code/callback',
	scope: 'openid profile',
	timeout: 15000, // bump the timeout to 15 seconds to make sure there is enough time to connect
});

// ExpressOIDC will attach handlers for the /login and /authorization-code/callback routes
app.use(oidc.router);

// Add protection to the routes
app.use(oidc.ensureAuthenticated());


// configure the proxy pass through to the api server
app.use('/requests', proxy('http://localhost:3001', {
	proxyReqPathResolver: (req) => {
		const pathyPath = '/requests' + require('url').parse(req.url).path;
		return pathyPath;
	},
}));

Is there anything we are doing wrong here that would lead to subsequent requests not being authenticated?


#2

This was on me. Figured out my issue. In my fetch requests from my application to my /requests route, I was not including the credentials in the requests.

Just needed to add

{
    credentials: 'same-origin',
}

to my fetch requests.
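
The fix from post #2, as an added example that is not part of either post or of the Okta library: a model of how the fetch credentials mode decides whether the session cookie reaches the `oidc.ensureAuthenticated()` routes, plus a wrapper that always sets `credentials: 'same-origin'`. The names `sendsCookies`, `makeFakeBrowserFetch` and `makeApiFetch` are hypothetical, the fake fetch is a constructed stand-in for browser and server, and the 401 status for a missing session is an assumption.

```javascript
// Added example. All function names here are hypothetical.
const ORIGIN = 'http://localhost:3000'; // origin of the redirect_uri in post #1

// Fetch credentials modes: does the browser attach cookies to this request?
function sendsCookies(mode, pageOrigin, requestUrl) {
  const sameOrigin = new URL(requestUrl, pageOrigin).origin === pageOrigin;
  if (mode === 'include') return true;         // cookies on every request
  if (mode === 'same-origin') return sameOrigin; // cookies only to our own origin
  return false;                                // 'omit': never
}

// Constructed stand-in for browser + Express server: the server answers 200
// only when the session cookie arrives (assumed 401 otherwise).
function makeFakeBrowserFetch(pageOrigin, defaultMode) {
  return async (url, init = {}) => {
    const mode = init.credentials || defaultMode;
    const authed = sendsCookies(mode, pageOrigin, url);
    return { status: authed ? 200 : 401, ok: authed };
  };
}

// Wrapper for calls to the app's own routes: always sends same-origin
// credentials, refuses cross-origin URLs, and raises a distinct error
// when the server reports that the session is missing.
function makeApiFetch(fetchImpl, pageOrigin) {
  return async function apiFetch(path, init = {}) {
    const url = new URL(path, pageOrigin);
    if (url.origin !== pageOrigin) {
      throw new Error('apiFetch is for same-origin routes only: ' + url.origin);
    }
    const res = await fetchImpl(url.href, { ...init, credentials: 'same-origin' });
    if (res.status === 401) {
      const err = new Error('not authenticated for ' + url.pathname);
      err.code = 'UNAUTHENTICATED';
      throw err;
    }
    return res;
  };
}

// A fetch whose default mode is 'omit', as older browsers and polyfills had.
const legacyFetch = makeFakeBrowserFetch(ORIGIN, 'omit');
const apiFetch = makeApiFetch(legacyFetch, ORIGIN);
```

In the browser, `makeApiFetch(window.fetch.bind(window), window.location.origin)` gives the same wrapper over the real fetch. `same-origin` keeps the session cookie off requests to any other origin, which `include` would not.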