Let me say right away that this is a question and not an issue.
I'd like to be able to execute the OAuth 2 flow with an external server, that exchanges the provider returned code with a JWT. Right now I'm doing the same thing with vue-authenticate by setting the baseUrl config option to the URL of my external API server.
Now, by watching the auth-module code, I kinda figured out that I had to set the response_type config option for the strategy to code, but in this case the POST request that takes out the code is made to url: window.location.origin + this.options.access_token_endpoint, (from /lib/schemes/oauth2.js).
So, it seems to me that I can't forward the POST request to an external server because window.location.origin is always prepended to the URL. Am I right or am I just making some mistake interpreting the code?
It looks like this has recently been updated from url: window.location.origin + this.options.access_token_endpoint, to url: this.options.access_token_endpoint,: https://github.com/nuxt-community/auth-module/commit/18ecca5d3b27a110d16dbe4d18cb471e6dd27c32#diff-7240ef8911497bc8f28e099b3e551acbR101
@dappiu Yes it is fixed. Just update to 4.2.0
Great info – This should be added to the docs!
I got it to work, so that the request is forwarded to the server, but on the server side the request has no body data. I'm using bodyParser.json() with my express server.
I figured it out. On the server-side you need to use the bodyParser.urlencoded() parser to get the code at req.body.code.
I think we should:
1) use json data encoding, since this is a JS library
2) add this to the docs at https://auth.nuxtjs.org/schemes/oauth2.html
@abegehr How does Nuxt.js make this call? For instance I have a button with which you get redirected to a Keycloak Login-Page. Fill in the stuff, you get redirected back to a /callback endpoint.
From there on, do we have to extract the code "by hand" and send the code to the token endpoint? I guess not, but I've been struggling with the auth for a few weeks (and I'm super new to frontend stuff in general).
Two major sites in my country, naver.com and kakao.com, do not support response_type = 'token'
They only support response_type = 'code'
Please give us detailed information about response_type = 'code'.
The official doc said that
By default is token. If you use code you may have to implement a server side logic to sign the response code.
Is there anyone who can explain the server side logic?
You may find this example useful - it helped me a lot https://github.com/sirixdb/sirix-web-frontend
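For the server-side logic asked about above, here is an added sketch that is not part of the thread and not auth-module code. It assumes, as reported in the thread, that the client POSTs the code form-urlencoded in a `code` field; the provider URL, client credentials, helper names and the length cap are hypothetical placeholders.

```javascript
// Added example: server-side handling of the code POST (not auth-module code).
// Provider URL, client id/secret and redirect URI are constructed placeholders.
const PROVIDER = {
  tokenUrl: 'https://provider.example/oauth/token',
  clientId: 'example-client-id',
  clientSecret: 'example-client-secret', // stays on the server, never in the SPA
  redirectUri: 'https://app.example/callback',
};

// Parse the raw request body according to its Content-Type.
// Treating a form-encoded body as JSON yields nothing, which is the
// "no body data" symptom described in the thread.
function parseBody(contentType, rawBody) {
  const type = (contentType || '').split(';')[0].trim().toLowerCase();
  if (type === 'application/x-www-form-urlencoded') {
    return Object.fromEntries(new URLSearchParams(rawBody));
  }
  if (type === 'application/json') {
    try {
      const v = JSON.parse(rawBody);
      return v && typeof v === 'object' && !Array.isArray(v) ? v : {};
    } catch { return {}; }
  }
  return {};
}

// Validate the code, then build the request the server sends to the provider
// (authorization_code grant, RFC 6749 section 4.1.3).
function buildTokenRequest(contentType, rawBody, provider = PROVIDER) {
  const { code } = parseBody(contentType, rawBody);
  // The 2048-character cap is an arbitrary sanity limit (assumption).
  if (typeof code !== 'string' || code.length === 0 || code.length > 2048) {
    return { ok: false, status: 400, error: 'missing or malformed code' };
  }
  const form = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: provider.redirectUri,
    client_id: provider.clientId,
    client_secret: provider.clientSecret,
  });
  return {
    ok: true,
    url: provider.tokenUrl,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: form.toString(),
  };
}
```

The server sends the built request to the provider and returns only the resulting token (or its own JWT) to the browser, so the client secret never leaves the backend.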