
Comments (7)

patrickkettner commented on May 31, 2024

Sorry for taking so long to reply, @tonyDarriens. Like you found already, the issue is that hapi's event flow processes auth before it gets to the handlers, so you never see the query string.

@geek - I went through and got the responses from (nearly) all the providers (Yahoo was 500ing at the time). The query response from each of these was as follows:

Facebook

{
  "error": "access_denied",
  "error_code": "200",
  "error_description": "Permissions+error",
  "error_reason": "user_denied",
  "state": "[hash]"
}

Foursquare

{
  "error": "access_denied",
  "state": "[hash]"
}

Google

{
  "error": "access_denied",
  "state": "[hash]"
}

Github
(Doesn't have a cancel)

Instagram

{
  "error_reason": "user_denied",
  "error": "access_denied",
  "error_description": "The+user+denied+your+request.",
  "state": "[hash]"
}

Live

{
  "error": "access_denied",
  "error_description": "The%20user%20has%20denied%20access%20to%20the%20scope%20requested%20by%20the%20client%20application.",
  "state": "[hash]"
}

Twitter

{
  "denied": "[hash]"
}

The common one being "error": "access_denied", with Twitter being an outlier. Is there a way to catch hapi's auth failure, or should we just Boom it like @tonyDarriens did in his example?

from bell.

patrickkettner commented on May 31, 2024

Can you just check for that query string?

server.route({
    method: ['GET', 'POST'],
    path: '/login',
    config: {
        auth: {
            strategy: 'twitter',
            mode: 'try'   // run the handler even when the strategy fails
        },
        handler: function (request, reply) {

            // Twitter signals a cancelled sign-in with ?denied=<token>
            if (!request.auth.isAuthenticated || request.query.denied) {
                return reply('Authentication failed due to: ' + request.auth.error.message);
            }

            return reply.redirect('/home');
        }
    }
});


 avatar commented on May 31, 2024

Hi @patrickkettner, I tried what you said but it still redirects. I even put a console.log inside the handler to see what's inside the request object, but it doesn't output anything. This is another reason why I think this has something to do with how the auth strategy handles the route and the request.params.

In the console I can see that it goes to /login?denied=xxxx and is then redirected again to Twitter.
get /login {"denied":"DOjtWJ2uJlGC8vbDc6cWKUraDHW8FQiy"} 302 (692ms)


 avatar commented on May 31, 2024

Hi @patrickkettner, did you manage to handle this scenario?

I was looking at the code, and for now I did this to catch the denied param in the authentication flow.

In bell/lib/oauth.js, before the verification of oauth_token:

var Boom = require('boom');   // needed for the Boom.internal() reply below

exports.v1 = function (settings) {

    var client = new internals.Client(settings);

    return function (request, reply) {

        var cookie = settings.cookie;
        var name = settings.name;

        // Sign-in Initialization

        // Verify if app (Twitter) was rejected: Twitter sends ?denied=<token>
        // when the user cancels, instead of oauth_token/oauth_verifier
        if (name === 'twitter' && request.query.denied) {
            return reply(Boom.internal('App was rejected'));
        }

        if (!request.query.oauth_token) {

            // Obtain temporary OAuth credentials

            var oauth_callback = request.server.location(request.path, request);

I guess this is not the best solution, but at least I can avoid the redirect bug I was having.


geek commented on May 31, 2024

I would reject it the way @tonyDarriens did... Is this an internal error, a misconfigured app key?


patrickkettner commented on May 31, 2024

OK, I'll work in a PR then. This happens if the user hits 'cancel' on the login screen.


chmanie commented on May 31, 2024

The same goes for v2 of the protocol. I'm going to write a PR for that.
