Passport authenticate in Nodejs hangs

This is my first project with both passport and Okta in a Nodejs app. I can get the Okta login page, successfully log in to Okta, and get redirected to the callback url with a code. This works perfectly.

However, I am having a problem getting the user profile. The call to passport.authenticate in the callback hangs. There are no errors reported or in the log.

I have looked at multiple examples and tried many variations, but I do not see what I am doing wrong. Any idea?

Code segment:

    passport.use('oidc', new Strategy({
        issuer: process.env.ISSUER_URL,
        authorizationURL: process.env.AUTH_URL,
        tokenURL: process.env.TOKEN_URL,
        userInfoURL: process.env.USER_URL,
        clientID: process.env.CLIENT_ID,
        clientSecret: process.env.CLIENT_SECRET,
        callbackURL: process.env.CALLBACK_URL,
        scope: 'openid profile'
    }, (issuer, profile, done) => {
        return done(null, profile);
    }));

    passport.serializeUser((user, done)  => {
        done(null, user);
    });
    passport.deserializeUser((obj, done) => {
        done(null, obj);
    });

    app.post('/oktalogin', passport.authenticate('oidc'));

    app.use('/authorization-code/callback', function(req,res) {
        passport.authenticate('oidc', { failureRedirect: '/autherror' }),
            (req, res) => { res.redirect('/profile') };
    });

    app.use('/profile', (req, res) => {
        res.render('profile', { USER: req.user });
    });

    app.use('/autherror', (req,res) => {
        res.render('error',{ MSG: "AUTH ERROR" });
    });

Hello,
Are you able to verify if the /token call is happening?
If successful, you should see a log entry in the Okta System.log. If there is an error in the call, it may or may not show up in the log, depending.

If you check the system.log and see no entry either positive/negative, just to test you might try changing the tokenURL in your configuration to a local route capable of handling a POST request and verify that the /token call is even happening.

For reference: Build Secure Node Authentication with Passport.js and OpenID Connect | Okta Developer

Hi Eric,

Thanks for your response. I don’t have admin access to Okta, but I can verify that it does log me into Okta and returns a code to the callback without a system error. The problem seems to be returning the profile. Is there a way to verify if it is, or is not, a CORS problem?

There should be no CORS request for the flow you described. When the code is returned I assume your browser is being 302 back to your Node server, correct? This is not a CORS call, but a user-agent redirect.
Once the Node process receives the code it should make a call to the /token endpoint to retrieve your tokens. This happens from the Node server, so not a CORS call either.

It does return to the node server callback url and it returns a code. I am working from the following documentation:
https://developer.okta.com/docs/guides/sign-into-web-app-redirect/node-express/main/

This document does not mention making a call to the /token endpoint. Am I using the wrong documentation?
If so, can you send me the correct link?
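
Added example, not part of the original thread and not Passport's or Okta's own code: a dependency-free sketch of why the callback route in the question's code segment never responds and never reaches the server-side /token call. `authenticate`, `dispatch` and `run` are constructed stand-ins for `passport.authenticate` and Express routing, and the query values are constructed.

```javascript
// Stand-in for passport.authenticate(): like the real function it only BUILDS
// a middleware. Nothing runs until that middleware is invoked with
// (req, res, next). The body is a constructed simplification.
function authenticate(strategy, options = {}) {
  return function middleware(req, res, next) {
    if (req.query.error) return res.redirect(options.failureRedirect);
    req.tokenCallMade = true; // point where the server-side /token POST would occur
    req.user = { sub: 'constructed-user' };
    next();
  };
}

// Minimal Express-like dispatcher: runs handlers in order, each receives next().
function dispatch(handlers, req) {
  const res = {
    ended: false,
    location: null,
    redirect(url) { this.ended = true; this.location = url; },
  };
  let i = 0;
  const next = () => { const h = handlers[i++]; if (h) h(req, res, next); };
  next();
  return res;
}

// Shape used in the question: the middleware is created inside a handler and
// discarded, and the arrow function after the comma is never called either.
const hangingCallback = [function (req, res) {
  authenticate('oidc', { failureRedirect: '/autherror' }),
    (req, res) => { res.redirect('/profile'); };
}];

// Middleware-chain shape: the router itself invokes the authenticate middleware.
const workingCallback = [
  authenticate('oidc', { failureRedirect: '/autherror' }),
  (req, res) => { res.redirect('/profile'); },
];

function run(handlers, query) {
  const req = { query };
  const res = dispatch(handlers, req);
  return { ended: res.ended, location: res.location, tokenCallMade: !!req.tokenCallMade };
}

console.log('hanging:', run(hangingCallback, { code: 'constructed-code' }));
console.log('working:', run(workingCallback, { code: 'constructed-code' }));
console.log('denied :', run(workingCallback, { error: 'access_denied' }));
```

In the hanging shape the response is never ended and the token step is never reached, which matches a request that hangs with no error and no /token entry in the log.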