Comments (7)
Sorry for taking so long to reply, @tonyDarriens. Like you found already, the issue is that hapi's event flow processes auth before it gets to the handlers, so you never see query string.
@geek - I went through and got the responses from (nearly) all the providers (yahoo was 500ing at the time). The query response from each of these was as follows:
  {
    "error": "access_denied",
    "error_code": "200",
    "error_description": "Permissions+error",
    "error_reason": "user_denied",
    "state": "[hash]"
  }
Foursquare
  {
    "error": "access_denied",
    "state": "[hash]"
  }
  {
    "error": "access_denied",
    "state": "[hash]"
  }
Github
(Doesn't have a cancel)
  {
    "error_reason": "user_denied",
    "error": "access_denied",
    "error_description": "The+user+denied+your+request.",
    "state": "[hash]"
  }
Live
  {
    "error": "access_denied",
    "error_description": "The%20user%20has%20denied%20access%20to%20the%20scope%20requested%20by%20the%20client%20application.",
    "state": "[hash]"
  }
  {
    "denied": "[hash]"
  }
The common one being "error": "access_denied", with twitter being an outlier. Is there a way to catch Hapi's auth failure, or should we just Boom it like @tonyDarriens did in his example?
Can you just check for that query string?
  server.route({
      method: ['GET', 'POST'],
      path: '/login',
      config: {
          auth: {
              strategy: 'twitter',
              mode: 'try'
          },
          handler: function (request, reply) {
              // Either bell reported a failed auth, or Twitter sent us back with ?denied=
              if (!request.auth.isAuthenticated || request.query.denied) {
                  return reply('Authentication failed due to: ' + request.auth.error.message);
              }
              return reply.redirect('/home');
          }
      }
  });
Hi @patrickkettner, I tried what you said but it still redirects. I even put a console.log inside the handler to see what's inside the request object, but it doesn't output anything. This is another reason why I think this has something to do with how the auth strategy handles the route and the request.params.
In the console I can see that it goes to the /login?denied=xxxx and then redirected again to Twitter.
get /login {"denied":"DOjtWJ2uJlGC8vbDc6cWKUraDHW8FQiy"} 302 (692ms)
Hi @patrickkettner, did you manage to handle this scenario?
I was looking at the code and for now I did this to catch the denied param in the authentication flow.
In bell/lib/oauth.js, before the verification of oauth_token:
  exports.v1 = function (settings) {
      var client = new internals.Client(settings);
      return function (request, reply) {
          var cookie = settings.cookie;
          var name = settings.name;
          // Sign-in Initialization
          // Verify if app (Twitter) was rejected
          if (name === 'twitter' && request.query.denied) {
              return reply(Boom.internal('App was rejected'));
          }
          if (!request.query.oauth_token) {
              // Obtain temporary OAuth credentials
              var oauth_callback = request.server.location(request.path, request);
I guess this is not the best solution but at least I can avoid the redirect bug I was having.
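An added example (not from the bell issue or the bell plugin) covering both the provider responses listed earlier and the Twitter `denied` check in the oauth.js snippet: it classifies a callback query as a user denial and checks the echoed state where the provider returns one. `classifyCallback`, `decodeParam` and the `SAMPLES` object are names made up for this example; the sample queries mirror the shapes posted in the thread.

```javascript
// Added example, not code from the bell issue or the bell plugin. OAuth 2
// providers send error=access_denied (plus optional details and the echoed
// state); Twitter's OAuth 1.0a flow sends only denied=<request token>.

// Decode a form-encoded value: both '+' and %20 stand for a space.
function decodeParam(value) {
    return decodeURIComponent(String(value).replace(/\+/g, ' '));
}

// expectedState: the anti-CSRF state the app stored in its cookie (OAuth 2 only).
// Returns { denied, flow, reason, stateOk }; stateOk is null when the provider
// echoes no state (Twitter), so the caller cannot bind the callback to a session.
function classifyCallback(query, expectedState) {
    if (typeof query.denied === 'string' && query.denied.length > 0) {
        return { denied: true, flow: 'oauth1', reason: 'user_denied', stateOk: null };
    }
    if (query.error === 'access_denied') {
        const detail = query.error_description || query.error_reason || 'user_denied';
        return {
            denied: true,
            flow: 'oauth2',
            reason: decodeParam(detail),
            stateOk: query.state === expectedState
        };
    }
    // A callback carrying oauth_token or code (or some other error) is not a denial.
    return { denied: false, flow: null, reason: null, stateOk: query.state === expectedState };
}

// Constructed samples copied from the shapes posted in the thread; '[hash]' stands
// in for the real state value, and the first block's provider label is not on the page.
const SAMPLES = {
    first: { error: 'access_denied', error_code: '200', error_description: 'Permissions+error',
             error_reason: 'user_denied', state: '[hash]' },
    github: { error_reason: 'user_denied', error: 'access_denied',
              error_description: 'The+user+denied+your+request.', state: '[hash]' },
    live: { error: 'access_denied', state: '[hash]', error_description:
            'The%20user%20has%20denied%20access%20to%20the%20scope%20requested%20by%20the%20client%20application.' },
    twitter: { denied: 'DOjtWJ2uJlGC8vbDc6cWKUraDHW8FQiy' },
    success: { oauth_token: 'constructed-token', oauth_verifier: 'constructed-verifier' }
};
```

A denial is a client-side outcome, so the caller should send the user back to the login page or a 401-style response rather than the 500 that `Boom.internal` would produce.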
I would reject it how @tonyDarriens did... Is this an internal error, a misconfigured app key?
OK, I'll work in a PR then. This happens if the user hits 'cancel' on the login screen.
The same goes for v2 of the protocol. I'm going to write a PR for that.