auth-module: Nuxt auth does not make a request after receiving pkce_code_verifier

Hello, I have a problem when using @nuxt/auth. I use it to interact with Keycloak OpenID, with my settings. After I have passed the authorization, I am thrown to my page with pkce_code_verifier, but auth does not make a request to get tokens. If I do it manually with this code, then I get tokens. What am I doing wrong? Please tell me.

	auth: {
		strategies: {
			keycloak: {
				scheme: 'oauth2',
				endpoints: {
					authorization: 'http://localhost:8080/auth/realms/test/protocol/openid-connect/auth',
					token: 'http://localhost:8080/auth/realms/test/protocol/openid-connect/token',
					logout: 'http://localhost:8080/auth/realms/test/protocol/openid-connect/logout'
				},
				token: {
					property: 'access_token',
					type: 'Bearer',
					maxAge: 1800
				},
				refreshToken: {
					property: 'refresh_token',
					maxAge: 60 * 60 * 24 * 30
				},
				responseType: 'code',
				accessType: 'offline',
				grantType: 'authorization_code',
				redirectUri: 'http://localhost:800/callback',
				logoutRedirectUri: undefined,
				clientId: 'new-auth-test',
				scope: ['openid', 'profile', 'email'],
				state: 'UNIQUE_AND_NON_GUESSABLE',
				codeChallengeMethod: 'S256',
			}
		}
	},

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 1
  • Comments: 27

Most upvoted comments

I fought with this same problem for a while. In the end, what fixed it for me was the redirect object that was missing inside the auth.

	auth: {
		redirect: {
			login: '/login',
			logout: '/login',
			home: '/',
			callback: '/api/authentication' // <--- this was the important one
		},
		strategies: {
			/* Then the rest of your stuff */
		}
	}

Just to add, we never got this to work with auth-next@5.0.0-1637745161 either; the redirect URL with code and state params just never calls the token URL (or any other). Of the above suggestions, neither changing the order of module imports nor adding the redirects in the auth config helped.

What about if you just set the endpoints.token property to be the url, not an object? All mine are just strings - this is what I am using to auth with a similar provider:

      appID: {
        scheme: 'oauth2',
        secret: authInfo.secret,
        endpoints: {
          authorization: authInfo.oAuthServerUrl + '/authorization',
          token: authInfo.oAuthServerUrl + '/token',
          userInfo: authInfo.oAuthServerUrl + '/userinfo',
          logout: process.env.BASEURL + '/logout'
        },
        responseType: 'code',
        responseMode: 'web_message',
        grantType: 'authorization_code',
        clientId: authInfo.clientId,
        scope: 'openid',
        codeChallengeMethod: 'S256'
      }

If you leave state out, it gets auto generated and is random. Also if you leave redirectUri out it defaults to /callback on the hosting server.

PS: logout url has hhttp typo - not important for this convo but it’ll annoy you later 😃

I tried to do everything without using the object; it was a typo after the trial, sorry that I did not correct it immediately. I also used an empty redirect, but it still works the same way. Thanks for the typo, I corrected it)
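
Added example, not part of the thread and not @nuxt/auth's own code: what an authorization-code client with codeChallengeMethod 'S256' has to do on each side of the redirect, namely generate a fresh random state and PKCE verifier, check the returned state, and send the verifier in the token request. The endpoint and client values are copied from the question's config; the helper names (challengeFor, beginLogin, tokenRequestFromCallback) are hypothetical.

```javascript
const { createHash, randomBytes } = require('crypto');

// Values copied from the question's config (redirectUri kept as posted).
const keycloak = {
  authorization: 'http://localhost:8080/auth/realms/test/protocol/openid-connect/auth',
  clientId: 'new-auth-test',
  redirectUri: 'http://localhost:800/callback',
  scope: ['openid', 'profile', 'email']
};

const base64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
const challengeFor = (verifier) =>
  base64url(createHash('sha256').update(verifier, 'ascii').digest());

// Before redirecting: create per-login secrets and keep them on the client.
function beginLogin(cfg) {
  const session = {
    state: base64url(randomBytes(16)),        // fresh per request, not a fixed string
    codeVerifier: base64url(randomBytes(32))  // 43 chars, inside RFC 7636's 43-128 range
  };
  const url = new URL(cfg.authorization);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: cfg.scope.join(' '),
    state: session.state,
    code_challenge: challengeFor(session.codeVerifier),
    code_challenge_method: 'S256'
  }).toString();
  return { session, url: url.toString() };
}

// On the callback route: reject a wrong state, then build the token request body
// (to be POSTed as application/x-www-form-urlencoded to the strategy's token endpoint).
function tokenRequestFromCallback(cfg, session, callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  if (!params.get('state') || params.get('state') !== session.state) throw new Error('state mismatch');
  if (!params.get('code')) throw new Error('missing code');
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code: params.get('code'),
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    code_verifier: session.codeVerifier
  });
}
```

A callback that carries any state other than the one stored for this login, including a constant value reused across logins, is rejected before the code is exchanged.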