Authorize endpoint promise hangs Until timeout #333
Comments
Thank you @rishijung377 for reporting. I have some follow-up questions. First, did you encounter any error/warning in the consoles? What was the exact last call, when the promise stalls and does not resolve? Can you paste a minimal code example, especially with the model implementation you used, please? I also see you pasted a response object. Once the client receives this response it should redirect. Finally, we have covered this in our integration tests, here: Is there anything you can spot that might help you? |
Thank you @jankapunkt for the response. I have tried to answer all your queries, let me know if additional information is required.
There are no error logs. As stated earlier, the application does not route to the redirect URL, and it keeps on loading. I followed the code flow, and the updateResponse does set the response to the redirect URL (hence the response object....)
I created a very simple code snippet where I was able to reproduce the error. This is not the full application setup, as it is missing token implementation. But the main gist of this sample application is to show that the application does not get routed to `${redirectURL}?code=`
I saw the integration test, and I do have the same headers as in the integration tests, but I am not routed to the redirect URL. Logically, if the response has the correct Location header and status code, the redirect should work, right? However, it's not working here. Note that redirects work fine in other parts of the application—for example, in the auth flow, users without credentials are correctly redirected to the login page. |
Hello @rishijung377, as I understand, the library in itself does not send any response to the client (matter of fact, it doesn't even assume what framework you use to build the server). You would need to get the code and redirect it yourself:

```js
// rest of your code
const code = await app.oauth.authorize(req, res, authRequest);
const url = new URL(req.query.redirect_uri);
url.searchParams.set("code", code.authorizationCode);
url.searchParams.set("state", (req.query.state) || "abc");
return res.redirect(url.toString());
```
Hey @shrihari-prakash, I do not think that is the case. Check this code here https://github.com/node-oauth/node-oauth2-server/blob/master/lib/handlers/authorize-handler.js#L366. The package is setting the response to the redirect uri and making the redirect. |
Hmm I just noticed the integration test sent by @jankapunkt as well... Looks like the status was indeed supposed to be set to a redirect. About the manual redirect, what was your expectation? To me, what you pasted in your comment looks correct with code and state in the URL specified in the |
The expected redirect does not happen and the application keeps on loading indefinitely |
@rishijung377 in that case, I think the problem is that you are overwriting the express

```js
const checkAuthGrant = async (req, res, next) => {
  console.log('Hello from check auth grant');
  req.query.client_id = '12345';
  req.query.redirect_uri = 'http://localhost:3003/secret';
  req.query.state = 'ssotest';
  req.query.response_type = 'code';
  const request = new oauthserver.Request(req);
  const response = new oauthserver.Response(res);
  const authRequest = {
    authenticateHandler: {
      handle: async () => {
        return ({
          name: 'Rishi',
          _id: 1
        });
      }
    }
  };
  const code = await app.oauth.authorize(request, response, authRequest);
  const url = new URL(req.query.redirect_uri);
  url.searchParams.set("code", code.authorizationCode);
  url.searchParams.set("state", req.query.state);
  console.log("Redirecting to", url.toString());
  return res.redirect(url.toString());
};
```

This way, you are not overwriting the references permanently. |
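The thread turns on the difference between a redirect being recorded on the library's response wrapper (status code and Location header) and that redirect actually being sent on the framework response. The following is an added example, not code from the thread or from the library: `StubOAuthResponse`, `StubExpressRes`, `stubAuthorize` and `flushOAuthResponse` are hypothetical names, and the wrapper is assumed to carry only a status, headers and body as described in the comments above.

```javascript
// Added example. StubOAuthResponse and StubExpressRes are constructed stand-ins,
// not the library's or Express's classes; they model only status/headers/body.
class StubOAuthResponse {
  constructor() { this.status = 200; this.headers = {}; this.body = {}; }
}

class StubExpressRes {
  constructor() { this.statusCode = 200; this.headers = {}; this.ended = false; }
  set(name, value) { this.headers[name.toLowerCase()] = value; return this; }
  status(code) { this.statusCode = code; return this; }
  redirect(code, url) { this.status(code).set('Location', url); this.ended = true; }
  json(body) { this.body = body; this.ended = true; }
}

// Stand-in for the authorize step: records the redirect on the wrapper only.
function stubAuthorize(oauthRes, redirectUri, code, state) {
  const url = new URL(redirectUri);
  url.searchParams.set('code', code);
  if (state !== undefined) url.searchParams.set('state', state); // echo the client's state unchanged
  oauthRes.status = 302;
  oauthRes.headers.location = url.toString();
}

// Copy the recorded outcome onto the real response so the request actually ends.
function flushOAuthResponse(oauthRes, res) {
  const { location, ...rest } = oauthRes.headers;
  for (const [name, value] of Object.entries(rest)) res.set(name, value);
  if (oauthRes.status >= 300 && oauthRes.status < 400 && location) {
    return res.redirect(oauthRes.status, location);
  }
  return res.status(oauthRes.status).json(oauthRes.body);
}

function demo() {
  const oauthRes = new StubOAuthResponse();
  const res = new StubExpressRes();
  // Constructed sample values; the redirect URI and state mirror the snippet above.
  stubAuthorize(oauthRes, 'http://localhost:3003/secret', 'constructed-code', 'ssotest');
  const endedBeforeFlush = res.ended; // nothing has been sent yet: the "keeps loading" state
  flushOAuthResponse(oauthRes, res);
  return { endedBeforeFlush, res };
}
```
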
Specify your setup
Mac OS
v23.3.0
11.0.0
5.2.0
Grant Flow: "authorization_code"
Authorization flow
Describe the bug
Issue: After saving the authorization code, the response does not redirect with the redirect_uri and state parameter. Instead, the Promise hangs indefinitely.
Expected Behavior: The server should redirect to the provided redirect_uri with the state parameter after successfully saving the authorization code.
Observed Behavior: The process stalls, and the redirect does not occur.
Return data from authorize()
Response Object:
To Reproduce
Steps to reproduce the behavior:
Npm install with mentioned version, create a sample app with authorization grant type, the redirect does not happen