Using express-openid-connect in httpNodeMiddleware for authenticating through Auth0 leaves req.oidc empty

I am trying to use Auth0 for authentication of endpoints in my flow. As far as I can see, this requires httpNodeMiddleware. Passport-auth0 refers to express-openid-connect, so I am trying to use that.

I have managed to get the basics working, and also to require authentication for only specific endpoints. The express-openid-connect examples (link to follow) suggest that I should have a non-empty object req.oidc when authentication is successful, but in my case this object is empty.

What strikes me, is that I need to have an http in node in my flow with the callback endpoint for Auth0, but that node never gets activated; most likely because the middleware is taking care of responding to the callback (which is fine). I found a Github ticket for express-openid-connect (link to follow) where someone had a similar issue, and it seems that their issue was caused by the callback being overridden (link to follow).

Could Node-RED be overriding my callback in some way? Is there a way to define a route at the middleware level in settings.js?
Or perhaps someone has experience with using express-openid-connect and Auth0 in combination with Node-RED?

At the top of my settings.js I have this:

const { auth, requiresAuth } = require('express-openid-connect');

And my httpNodeMiddleware in settings.js looks like this:

	httpNodeMiddleware: [
		auth({
			authRequired: false,
			issuerBaseURL: 'https://dev-some_unique_id.eu.auth0.com',
			baseURL: 'https://localhost/',
			clientID: 'some id that I prefer not to share',
			secret: 'some secret that I prefer not to share',
			idpLogout: true,
			routes: {
				callback: '/mycallback'
			},
		}),
		function (req, res, next) {
			var url = require("url");
			if (url.parse(req.url).pathname == '/test2') {
				requiresAuth()(req, res, next);
			} else {
				next();
			}
		}
	],

I'll try to add more links in a follow-up comment, because I am not allowed more than two links.

The express-openid-connect examples.

The Github ticket for express-openid-connect and the comment about it being caused by the callback being overridden.

(Feeling slightly silly to keep replying to my own post)

I found out that the req.oidc object only looks empty, but actually does have properties that can be used. I was not familiar with this possibility, and I did not see it mentioned in documentation. But someone else did have the same issue.

So the whole thing is unrelated to Node-RED, and my issue seems solved.

2 Likes

Not at all. It's very useful for the community and future readers. I wish more would. .

Possibly a proxy object.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.