I'm trying to use passport-openidconnect without state but I'm unsure of why it doesn't work. I have this working for google-oauth2. I try to specify that state=false but it keeps complaining about state. Could anyone tell me what I'm doing wrong?
The error is:
Error: OpenID Connect authentication requires session support when using state. Did you forget to use express-session middleware?
at SessionStore.store (/home/nca/projects/oauth-test/node_modules/passport-openidconnect/lib/state/session.js:39:39)
at /home/nca/projects/oauth-test/node_modules/passport-openidconnect/lib/strategy.js:336:28
at Strategy.manual [as _setup] (/home/nca/projects/oauth-test/node_modules/passport-openidconnect/lib/setup/manual.js:23:12)
at Strategy.authenticate (/home/nca/projects/oauth-test/node_modules/passport-openidconnect/lib/strategy.js:274:10)
at attempt (/home/nca/projects/oauth-test/node_modules/passport/lib/middleware/authenticate.js:361:16)
at authenticate (/home/nca/projects/oauth-test/node_modules/passport/lib/middleware/authenticate.js:362:7)
at Layer.handle [as handle_request] (/home/nca/projects/oauth-test/node_modules/express/lib/router/layer.js:95:5)
at next (/home/nca/projects/oauth-test/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/home/nca/projects/oauth-test/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/home/nca/projects/oauth-test/node_modules/express/lib/router/layer.js:95:5)
Some relevant code:
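// Options handed to the OpenID Connect strategy; the client credentials are read from the environment.
const oidcOpts = {
  issuer: 'https://accounts.google.com',
  authorizationURL: 'https://accounts.google.com/o/oauth2/v2/auth',
  tokenURL: 'https://www.googleapis.com/oauth2/v4/token',
  clientID: process.env.GOOGLE_CLIENT_ID,
  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
  // NOTE(review): this path is /oidccallback, but the callback route registered below is
  // /callback. Confirm which one the provider actually redirects to.
  callbackURL: 'http://localhost:3001/oidccallback',
  // NOTE(review): presumably ignored by the strategy, which takes callbackURL (confirm).
  redirect_uri: 'http://localhost:3001/oidccallback',
  // These two settings do not switch the state check off: the stack trace above still ends in
  // the session-backed state store (SessionStore.store). The state value ties the authorization
  // response to the browser that started the login, so the working fix is to provide session
  // support rather than to remove state.
  state: false,
  store: null,
};

passport.use(
  new OICStrategy(
    oidcOpts,
    (issuer, sub, profile, jwtClaims, accessToken, refreshToken, tokens, done) => {
      // Debug marker only. The access token is a bearer credential, so it is no longer written
      // to the log.
      console.log('-----------------------------');
      // Passport waits for the verify callback to report a result. Without this call the
      // request never completes.
      done(null, profile);
    },
  ),
);

// NOTE(review): session: false stops Passport from persisting the logged-in user. Judging by the
// stack trace, it does not affect the strategy's own state store (confirm).
app.get('/login', passport.authenticate('openidconnect', { state: false, session: false }));
app.get(
  '/callback',
  passport.authenticate('openidconnect', {
    state: false,
    session: false,
    callback: true,
    failureRedirect: '/login',
  }),
  routes.openidCallback,
);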
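According to the author of node-openid-client, this is not possible. The `state` value is what lets the callback confirm that the authorization response belongs to the login that the same browser started, so the strategy has to keep it somewhere between the two requests; as the error message says, that means enabling session support (for example, the express-session middleware).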