Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to integrate passport authentication without express web app? #10127

Open
apfz opened this issue Oct 24, 2023 · 0 comments
Open

How to integrate passport authentication without express web app? #10127

apfz opened this issue Oct 24, 2023 · 0 comments
Labels
bug

Comments

@apfz
Copy link

apfz commented Oct 24, 2023
edited
Loading

Describe the bug

I have my front-end separated from my loopback application and I am trying to implement authentication through passport.

However I receive the following error (after it is making a GET request to https://myapi.com/auth/thirdparty/twitter):

Request GET /auth/thirdparty/twitter failed with status code 500. InternalServerError: Error: OAuth authentication requires session support. Did you forget to use express-session middleware?

The only adjustment I have made is to remove the web-application folder from the loopback-passport example repository.

I then tried to integrate it with my React JS application.I made slight modifications to the src/controllers/oauth2.controller.ts:

@authenticate('oauth2')
  @get('/auth/thirdparty/{provider}')
  /**
   * This method uses the @authenticate decorator to plugin passport strategies independently
   *
   * Endpoint: '/auth/thirdparty/{provider}'
   *          an endpoint for api clients to login via a third party app, redirects to third party app
   */
  loginToThirdParty(
    @param.path.string('provider') provider: string,
    @inject(AuthenticationBindings.AUTHENTICATION_REDIRECT_URL)
    redirectUrl: string,
    @inject(AuthenticationBindings.AUTHENTICATION_REDIRECT_STATUS)
    status: number,
    @inject(RestBindings.Http.RESPONSE)
    response: Response,
  ) {
    return {redirectUrl: redirectUrl};
  }

  @oAuth2InterceptExpressMiddleware()
  @get('/auth/thirdparty/{provider}/callback')
  /**
   * This method uses the passport strategies as express middleware
   *
   * Endpoint: '/auth/thirdparty/{provider}/callback'
   *          an endpoint which serves as a oauth2 callback for the thirdparty app
   *          this endpoint sets the user profile in the session
   */
  async thirdPartyCallBack(
    @param.path.string('provider') provider: string,
    @inject(SecurityBindings.USER) user: UserProfile,
    @inject(RestBindings.Http.REQUEST) request: Request,
    @inject(RestBindings.Http.RESPONSE) response: Response,
  ) {
    // const profile = {
    //   ...user.profile,
    // };
    // request.session.user = profile;
    // response.redirect('/auth/account');
    return response;
  }

In src/authentication-strategy-providers/twitter.express-mv.ts I also tried to set session to false:

@injectable.provider({scope: BindingScope.SINGLETON})
export class TwitterOauthExpressMiddleware implements Provider<ExpressRequestHandler> {
  constructor(
    @inject('twitterStrategy')
    public twitterStrategy: TwitterStrategy,
  ) {
    passport.use(this.twitterStrategy);
  }

  value() {
    return passport.authenticate('twitter',{session: false});
  }
}

but unfortunately no luck.

Any support is welcome!

Logs

No response

Additional information

No response

Reproduction
@apfz apfz added the bug label Oct 24, 2023
@apfz apfz changed the title How to integrate passport authentication without nextjs? How to integrate passport authentication without express web app? Oct 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@apfz