I just tried to test wolkenkit’s authentication with the chat template following the wolkenkit docs. User login seems to work, but the user is redirected to Auth0 even when they're already logged in (without the client calling the auth.login method).

Here’s a code snippet from the client:

    wolkenkit.connect({
      host: 'local.wolkenkit.io',
      port: 3000,
      authentication: new wolkenkit.authentication.OpenIdConnect({
        identityProviderUrl: 'https://<myIdentity>.eu.auth0.com/authorize',
        clientId: '<myClientID>',
        strictMode: false
      })
    }).
      then(chat => {
        console.log("chat.auth.isLoggedIn() = " + chat.auth.isLoggedIn());
        console.log(chat.auth.getProfile());
        if (!chat.auth.isLoggedIn()) {
          return chat.auth.login();
        }
      });

In package.json, the identity provider is configured as follows:

    "wolkenkit": {
      "environments": {
        "default": {
          "identityProvider": {
            "name": "https://<myIdentity>.eu.auth0.com/",
            "certificate": "/server/keys/<myIdentity>.eu.auth0.com"
          },...

Browser log after clearing cookies (I censored the provider identity and the object returned by chat.auth.getProfile()):

    Navigated to http://local.wolkenkit.io:8080/
    index.js:14 chat.auth.isLoggedIn() = false
    index.js:15 undefined
    Navigated to https://<myIdentity>.eu.auth0.com/login?client=<clientID>...
    Navigated to http://local.wolkenkit.io:8080/
    index.js:14 chat.auth.isLoggedIn() = true
    index.js:15 {iss: "https://<myIdentity>.eu.auth0.com/", sub: "auth0|...", aud: "...", iat: ..., exp: ..., …}
    Navigated to https://<myIdentity>.eu.auth0.com/login?client=<clientID>...

Being redirected although you configured authentication typically means that there is an error in the way the authentication is configured.
You might want to check these settings:

- RS256, not HS256 (which, for some accounts, seems to be the default of Auth0). To find out which signature algorithm is being used, get the token from the browser's local storage and paste it into the JWT debugger. Then you can see how the token was signed. If you need to change the signature algorithm, you can find this in the Advanced Settings of your client in Auth0.
- certificate.pem. If it has another name, or the path in package.json is incorrect, wolkenkit should not even start the application, but to be sure double-check that the file is named correctly.
- package.json, besides the path to the certificate, you also have to provide the name of the identity provider you use, in your case this is https://<myIdentity>.eu.auth0.com/. Please note that this must exactly match the iss claim within the token. Often the claim in the token contains a trailing slash, while the value in package.json does not. If they differ, use the token's value in package.json.

Once you have made your changes, make sure to empty local storage, and to restart your wolkenkit application using the following command (otherwise your changes won't become effective):
$ wolkenkit restart
Hope this helps :-)
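
The signature-algorithm and iss checks from the answer above can also be done locally instead of pasting the token into a web debugger. This is an added example, not part of the answer or of wolkenkit's own code; it runs under Node.js, and the function names, the issuer https://issuer.example/ and the sample tokens are constructed for illustration.

```javascript
// Diagnostic only: decodes the token, does NOT verify its signature.
// Function names and sample values are hypothetical, built for this example.
const b64url = obj => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

function decodeSegment(segment) {
  // JWT segments are unpadded base64url-encoded JSON.
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function checkToken(token, configuredName) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    return { ok: false, problems: ['expected three dot-separated segments'] };
  }
  let header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
    if (!header || !payload) throw new Error('empty segment');
  } catch (err) {
    return { ok: false, problems: ['header or payload is not base64url JSON'] };
  }
  const problems = [];
  if (header.alg !== 'RS256') {
    problems.push(`signed with ${header.alg}, expected RS256`);
  }
  if (payload.iss !== configuredName) {
    // The comparison is exact; report the trailing-slash case separately.
    const stripSlash = s => String(s).replace(/\/+$/, '');
    const onlySlash = stripSlash(payload.iss) === stripSlash(configuredName);
    problems.push(onlySlash
      ? `iss "${payload.iss}" differs from the configured name only by a trailing slash`
      : `iss "${payload.iss}" does not match configured name "${configuredName}"`);
  }
  return { ok: problems.length === 0, alg: header.alg, iss: payload.iss, problems };
}

// Constructed sample tokens (placeholder signature, example issuer).
const issuer = 'https://issuer.example/';
const makeToken = (alg, iss) =>
  [b64url({ alg, typ: 'JWT' }), b64url({ iss, sub: 'auth0|sample' }), 'sig'].join('.');
const goodToken = makeToken('RS256', issuer);
const hsToken = makeToken('HS256', issuer);

console.log(checkToken(goodToken, issuer));
console.log(checkToken(hsToken, 'https://issuer.example'));
```

Pass the token string copied from the browser's local storage as the first argument and the name value from package.json as the second.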