Comments (14)
https://github.com/panva/node-openid-client#changing-http-request-defaults
openid-client uses got for http requests
got on proxies > https://github.com/sindresorhus/got#proxies
or setting HTTP_PROXY and HTTPS_PROXY env options might
from node-openid-client.
@panva Did not want to open new issues since it is not really an issue - more of another question. How do I handle logouts? Does the password logout handle this automatically?
from node-openid-client.
How do I handle logouts? Does the password logout handle this automatically?
what's a password logout?
from node-openid-client.
sorry, meant Passport
from node-openid-client.
see #16, logout is "your turf"
from node-openid-client.
👍 Thank you.
from node-openid-client.
You're very welcome.
from node-openid-client.
Quick Q, I am trying to use openid-client
in a web farm environment and I get the following error:
name=AssertionError, actual=0, expected=true, operator===, message=no valid key found, generatedMessage=false,
Seems to be coming from here:
key(def, allowMulti) {
const lookupCache = instance(this).cache;
// refresh keystore on every unknown key but also only upto once every minute
const freshJwksUri = lookupCache.get(def) || lookupCache.get('throttle');
return this.keystore(!freshJwksUri)
.then(store => store.all(def))
.then((keys) => {
assert(keys.length, 'no valid key found');
if (!allowMulti) {
assert.equal(keys.length, 1, 'multiple matching keys, kid must be provided');
lookupCache.set(def, true);
}
return keys[0];
});
}
Is there anything special I need to do in a web-farm environment? What key is it looking for?
from node-openid-client.
What key is it looking for?
public keys your OpenID Provider exposes via it's jwks_uri
web farm environment
has nothing to do with this.
I get the following error
check the received id_token's header and see if it can be matched with a single key in the provider's jwks_uri, if you don't know how post the full id_token and the contents of your provider's jwks_uri.
from node-openid-client.
by key, do you mean kid
?
from node-openid-client.
i see that my jwks_uri shows 2 different sets of values. that probably explains the problem. Is that key dependent on the cert being used to sign? My kid
and n
seem to be different depending on which server in the farm is being hit.
from node-openid-client.
that probably explains the problem
no it doesn't
by key, do you mean kid?
no i mean a JWK in the JWKS under jwks_uri endpoint.
My kid and n seem to be different depending on which server in the farm is being hit.
you're asking about a client library, but are explaining your jwks_uri being different on the provider side
please make up your mind.
from node-openid-client.
check the received id_token's header and see if it can be matched with a single key in the provider's jwks_uri, if you don't know how post the full id_token and the contents of your provider's jwks_uri.
from node-openid-client.
Sorry about the confusion. The issue was with the provider not using the same signing cert. All good on the client. Thank you for your prompt responses.
from node-openid-client.
Related Issues (20)
- OAuth 2.0 Device Authorization Grant (Device Flow) - poll without PKCE HOT 3
- Type checking httpOptions and rejectUnauthorized
- RPError thrown when IdToken JWE Header enc is blank HOT 2
- client won't run under `edge` runtime HOT 1
- Support setting client_secret to an empty string when using client_secret_basic or client_secret_post HOT 1
- Cannot assign to read only property 'dpopProof' of object '#<Client>' HOT 2
- Unsuccessful Callback to Unknow client side error HOT 10
- isKeyObject check fails in Bun HOT 5
- Scope delimiter replace problem HOT 2
- Multiple authenticate requests from the same session causes state mismatch HOT 1
- Can't authenticate when the server advertises authorization_response_iss_parameter_supported HOT 2
- Requests made without Accept-Encoding header HOT 1
- "cty" should not be included in jwks query HOT 2
- URL is not a constructor at Issuer.request HOT 1
- Application and Identity manger on different domains HOT 1
- Support other status code than 200 HOT 4
- Unable to use private_key_jwt auth method with Azure.
- Audience matching doesn't work as intended HOT 1
- Using `authorizationUrl()` in combination with PAR adds too many parameters HOT 3
- update interface AuthenticateOptions to include redirect_uri HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-openid-client.