I have a project that I want to be able to use OpenIDConnect for session management and also be able to call services using an Authorization header. My current code looks like this...
import expressSession from "express-session";
import oidc from "passport-auth0-openidconnect";
import {ensureLoggedIn} from "connect-ensure-login";
getOpenIdMiddleware(){
const verify = (issuer, audience, profile, cb)=> cb(null, profile._json);
const oidcAuth0Config = {
domain: process.env.AUTH0_DOMAIN,
clientID: process.env.CLIENT_ID,
clientSecret: process.env.SECRET,
callbackURL: process.env.AUTH0_CALLBACK_URL,
};
console.log(oidcAuth0Config);
passport.use(new oidc.Strategy(
oidcAuth0Config,
verify,
));
this.type = "auth0-oidc";
}
this.app.get("/user",
ensureLoggedIn(),
function(req, res) {
console.log(`User is ${JSON.stringify(req.user)}`);
res.json(req.user || {});
});
This works great but now I would like something that will work for both. I tried just using passport.authenticate
like...
this.app.get("/user",
passport.authenticate(this.type, {
scope: "openid email profile",
}),
function(req, res) {
console.log(`User is ${JSON.stringify(req.user)}`);
res.json(req.user || {});
});
But that causes an indefinite loop between /user and /login.
I also tried...
const checkAuthentication = (req, res, next)=>{
if(req.isAuthenticated || req.isAuthenticated()){
next();
} else {
res.redirect("/login");
}
}
this.app.get("/user",
checkAuthentication,
function(req, res) {
console.log(`User is ${JSON.stringify(req.user)}`);
res.json(req.user || {});
});
but when I do this req.user
is undefined.
What would be an equivalent that would work for both the passport-auth0-openidconnect
and the passport-jwt
strategy?