General OpenID login plugin development



  • I'm trying to create an OpenID auth login and I need help.

    According to other SSOs and auth plugins there is a difference that there is no need for admin page with api/app key but before going to /auth/openid there is a form required to specify an OpenID identifier (url) so it POSTs to /auth/openid with open_identifier variable set, which might be different for every user.

    I've tried to create an '/auth/openid_form' route and add there a static page with a form (hooked to filter:server.create_routes)

    where the form is:

    <form action="/auth/openid" method="post">
        <div>
            <label>OpenID identifier:</label>
            <input type="text" name="openid_identifier" size="40" /><br/>
        </div>
        <div>
            <input type="submit" value="Sign In"/>
        </div>
    </form>
    

    I can display the form by browsing to /auth/openid_form but when I enter anything I get Error: Forbidden:

    Error: Forbidden
        at Object.exports.error (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/utils.js:60:13)
        at Object.handle (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/middleware/csrf.js:54:41)
        at next (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/proto.js:190:15)
        at next (/home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/middleware/session.js:313:9)
        at /home/nodebb/www/nodebb/node_modules/express/node_modules/connect/lib/middleware/session.js:337:9
        at /home/nodebb/www/nodebb/node_modules/connect-mongo/lib/connect-mongo.js:220:17
        at /home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/collection/query.js:147:5
        at Cursor.nextObject (/home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/cursor.js:733:5)
        at commandHandler (/home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/cursor.js:713:14)
        at /home/nodebb/www/nodebb/node_modules/mongodb/lib/mongodb/db.js:1806:9
    

    If I do not fill anything as open_identifier /auth/openid just responds 'Unauthorized' which seems ok to me.

    I am not sure if this is CSRF issue with recent changes in express/connect or if I am doing something wrong.

    Actually, there is another thing... how to add this form into a strategy so it is asked before using passport.auth? I mean, if I push strategy with URL /auth/openid it works fine but I need the link for OpenID login to go to /auth/openid_form first and not call passport.auth on this route and call passport.auth later on /auth/openid

    Tips or any heads up? 🙂


  • GNU/Linux Admin

    Hmm... the "Forbidden" error is definitely a CSRF issue... in StackOverflow, they ask for this during login for OpenID:

    Selection_004.png

    Is this what you're trying to create?

    Ensure you're passing in a hidden input field with id _csrf in your form.



  • @julian thanks. I've fixed the csrf issue.

    another issue appeared 🙂

    I hook the form page on the route /auth/openid_form with action posting to /auth/openid
    also I add the strategy with route /auth/openid

    If I fill the form on /auth/openid_form, it POSTs to /auth/openid, but it returns 302 and redirects to /404 and logs warn: Route requested but not found: /auth/openid

    I've also tested my OpenID provider with passport-openid example from https://github.com/jaredhanson/passport-openid/tree/master/examples/signon to ensure it is not in provider or my understanding of passport-openid. So it must be my misunderstanding of express and nodebb 🙂

    I'm very confused 😕 🙂

    See library.js - http://pastebin.com/HX0MNbmM
    and hooks:

      "hooks": [
        {
          "hook": "filter:auth.init", "method": "getStrategy", "callbacked": false
        },
        {
          "hook": "filter:server.create_routes", "method": "addOpenIDLoginRoute", "callbacked": true
        }
    

    Or here is my whole source code of nodebb-plugin-openid
    (please, It's development prototype. First I'm aiming for working prototype and then I'll revise it to publish it properly)



  • @Tomáš-Simon-Klapka

    When you do finish and release it, I hope it comes bundled with every install.


Log in to reply
 

Suggested Topics

  • 1
  • 23
  • 6
  • 119
  • 4
| |