This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Manually Test Providers (v4) #2524
Comments
Made some updates and wrote notes regarding providers that will be difficult / impossible for us to manually test. I'll manually try some of the additional ones for which we have clientId's / secrets soon 👍
Anyone reading this, if you use any of the built-in providers, we would highly appreciate your help making sure that those will work in the future! Until now, we haven't enforced anything at all, and so some built-in providers might have never even worked properly... Please leave a comment here if you find an issue or have anything related to say! 🙏 💚
Hi, @lluia. I'm trying to integrate nextjs with azure ad. After a detailed check, I think the issue is at the auth step, where the "scope" is always set to "openid" rather than the one defined in the doc, which should be 'offline_access User.Read'. With this scope 'openid', the get user function does not have enough permission to retrieve user information with graph api /me and always generates 403. I'm not an expert on either aad or next-auth, so I can hardly be sure if this is a bug or something wrong with my setting, but I have tried to force the scope to 'offline_access User.Read', which makes it work.
Hi @lluia, I'm trying to upgrade Next-auth

```js
import NextAuth from 'next-auth';
import CognitoProvider from 'next-auth/providers/cognito';

export default NextAuth({
  providers: [
    CognitoProvider({
      clientId: process.env.COGNITO_CLIENT_ID,
      clientSecret: '',
      domain: process.env.COGNITO_DOMAIN,
      issuer: `https://${process.env.COGNITO_DOMAIN}/`
    })
  ],
  callbacks: {...}
});
```

After a little research, this error is not in your library, it is due to a dependency library
@javigonz you should set the client's token endpoint auth method to none, not your client secret to an empty string. That's the very much intended state. Whether next-auth abstracts setting the method to none for you or exposes a client auth property is out of openid-client's control.
Yeah @panva, that's probably the key: add a way to set this token endpoint auth method in https://next-auth.js.org/configuration/providers/oauth-provider#options
Going to expose further options through #2717, I'll just test it out locally.
@javigonz could you test out? #2717 (comment) Check the new
Testing the EVE Online integration, I receive the following error from EVE's login server:
If I update the scope in the URL to
After investigating further and testing myself, I got it working with an updated provider where I specified the authorization property in the default parameters for the provider. I opened a PR with these changes, where I also rewrote the EVE Provider in TypeScript.
Hi! Thanks so much for what is shaping up to be an excellent library. I'm testing I first referenced the documentation for this provider, but using this config provided a successful response for me:
URL still only has
@spencerpowell can you share your config section where you set up the Wordpress Provider?
Hey @tmtk75 thanks for pointing this out, looks like the dropbox URLs for their OAuth endpoints might be wrong. I'll double check this and get back to you 👍 EDIT: So I dug into this and was able to reproduce it. I also double checked all URLs and they seemed correct. The error is happening in the
Hi. I'm trying to use KakaoProvider but something is wrong. Here's my Error. Here's my [...nextauth].ts

```ts
import NextAuth from 'next-auth';
import { VARIABLES } from 'src/common';
import KakaoProvider from 'next-auth/providers/kakao';
import NaverProvider from 'next-auth/providers/naver';
import GoogleProvider from 'next-auth/providers/google';

export default NextAuth({
  providers: [
    KakaoProvider({
      clientId: VARIABLES.KAKAO_REST_KEY,
      clientSecret: VARIABLES.KAKAO_CLIENT_SECRET,
    }),
    NaverProvider({
      clientId: VARIABLES.NAVER_CLIENT_ID,
      clientSecret: VARIABLES.NAVER_SECRET,
      profile: profile => {
        return profile.response;
      },
    }),
    GoogleProvider({
      clientId: VARIABLES.GOOGLE_CLIENT_ID,
      clientSecret: VARIABLES.GOOGLE_SECRET,
    }),
  ],
  callbacks: {
    session: async ({ session, token }) => {
      return session;
    },
  },
  pages: {
    error: '/auth/error',
  },
});
```

Thank you
@insik-han I also face the same issue and created a PR. Or another solution you can try right now:

```js
import NextAuth from "next-auth"
import KakaoProvider from "next-auth/providers/kakao"

export default NextAuth({
  providers: [
    KakaoProvider({
      authorization: "https://kauth.kakao.com/oauth/authorize?scope=",
      client: {
        token_endpoint_auth_method: 'client_secret_post'
      },
      clientId: process.env.KAKAO_CLIENT_ID,
      clientSecret: process.env.KAKAO_CLIENT_SECRET,
    })
  ],
})
```
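Both the Cognito advice above (auth method `none` instead of an empty secret) and the Kakao workaround (`client_secret_post`) come down to how the client authenticates at the token endpoint. The following is an added example, not code from next-auth, openid-client or any commenter; `buildTokenRequest`, `lintClientAuth` and the sample values are hypothetical names constructed for illustration, and `client_secret_basic` is taken as the default because it is the OpenID Connect default.

```javascript
// Added illustration (not next-auth or openid-client source code).
// Sample values below are constructed.
const formEncode = (s) => encodeURIComponent(s).replace(/%20/g, "+");

// Build the authorization_code token request for one client auth method.
function buildTokenRequest({ method, clientId, clientSecret = "", code, redirectUri }) {
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri,
  });
  switch (method) {
    case "client_secret_basic": // RFC 6749 2.3.1: Basic base64(id ":" secret)
      headers.Authorization = "Basic " +
        Buffer.from(`${formEncode(clientId)}:${formEncode(clientSecret)}`).toString("base64");
      break;
    case "client_secret_post": // credentials travel in the form body
      body.set("client_id", clientId);
      body.set("client_secret", clientSecret);
      break;
    case "none": // public client: identify only, no secret of any kind
      body.set("client_id", clientId);
      break;
    default:
      throw new Error(`unsupported token_endpoint_auth_method: ${method}`);
  }
  return { headers, body: body.toString() };
}

// Flag configurations where the secret and the auth method disagree.
function lintClientAuth({ method = "client_secret_basic", clientSecret }) {
  const findings = [];
  if (method !== "none" && !clientSecret)
    findings.push(`empty secret sent via ${method}; a public client should use "none"`);
  if (method === "none" && clientSecret)
    findings.push("secret is configured but never sent; remove it from the deployment");
  return findings;
}

const sample = { clientId: "app", code: "abc", redirectUri: "http://localhost:3000/api/auth/callback/cognito" };
for (const method of ["client_secret_basic", "client_secret_post", "none"]) {
  const { headers, body } = buildTokenRequest({ ...sample, method });
  console.log(method, headers.Authorization ?? "(no Authorization header)", body);
  console.log("  lint:", lintClientAuth({ method, clientSecret: "" }));
}
```

With an empty secret, `client_secret_basic` still sends an `Authorization: Basic` header built from `app:`, which is the request shape a provider expecting a public client or body credentials will reject.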
@balazsorban44: just tested Strava and it doesn't work properly. Can't really point you to the problem, though... can I help with anything? It might be that the callback includes one too many params, as this is the only difference I found compared to github oauth, which does work: http://localhost:3000/api/auth/callback/strava?state=$STATE&code=$CODE&scope=read
@krautwigundrueben I just noticed you replied to this issue as well. I documented what I tried here #2524 (comment), but I couldn't get it to work properly either. Are you receiving the same error?
@ndom91 hi, I already created a PR #3501. And we need to remove
as is - Invalid scope: openid error in kakao provider
to be - success!
Please check my PR #3501 for additional information.
@ndom91 If it helps, I am running into the same issue as @spencerpowell for the WordPress.com provider. My
I found another thing but I am not sure if they are relevant to the ongoing issue: Setting Is that because it's hard-coded here? next-auth/src/providers/wordpress.js Line 8 in 0e8be0c
When I remove that part on the https://developer.wordpress.com/docs/oauth2/ I tried
I just set up a Salesforce with NextAuth using the example:

```ts
// /api/auth/[...nextauth].ts
import NextAuth from "next-auth/next";
import SalesFoceProvider from "next-auth/providers/salesforce";

export default NextAuth({
  debug: true,
  secret: "NEXTAUTH_SECRET",
  providers: [
    SalesFoceProvider({
      clientId: "SALESFORCE_CLIENT_ID",
      clientSecret: "SALESFORCE_CLIENT_SECRET",
    }),
  ],
});
```

But got stuck at this callback error:
I added scope as an authorization parameter and now the login flow is working.

```ts
// /api/auth/[...nextauth].ts
import NextAuth from "next-auth/next";
import SalesFoceProvider from "next-auth/providers/salesforce";

export default NextAuth({
  debug: true,
  secret: "NEXTAUTH_SECRET",
  providers: [
    SalesFoceProvider({
      clientId: "SALESFORCE_CLIENT_ID",
      clientSecret: "SALESFORCE_CLIENT_SECRET",
      authorization: {
        params: {
          scope: "api id web",
        },
      },
    }),
  ],
});
```

Thanks for reporting that back to us @squeezeday! I'll make sure to add it to the docs.
EVEOnline provider not working in v4 .... The problem is that a Scope query parameter is being inserted in the URL which EVE Online is reporting as invalid (Invalid scope). The scope parameter needs to be removed or set to blank (example: ..&scope=&..) See bug report #3760 Also some additional information ... even removing the Scope parameter manually it allows you to authenticate with EVE Online, however in the callback Next-Auth throws an OAuthCallbackError error:
It seems that EVE Online does not return an id_token which next-auth is expecting? When you get and use the code returned to get the access token, you get a response that looks like this from EVE Online:
Could it be that Next-Auth is expecting id_token and not access_token ? Update: Changing the EVE Online application type from Authentication Only to Authentication & API Access and adding the publicData scope, it now successfully redirects you to the EVE Online login screen. However I am now receiving an OAUTH_CALLBACK_ERROR saying the id_token is not present in TokenSet? So only error still remaining is the id_token ? EDIT: Interestingly enough the access_token returned is a JWT token ... the payload data in the token includes the following:
So to get the returned user data for NextAuth. All we need is the access_token as it contains the character name and character id which is all we need. So the flow should be:
Would the above be easy to implement with NextAuth?
@mckernanin are you able to comment on my post above please?
@balazsorban44 and I worked through it a bit, CCP does some non-standard stuff which is annoying. The provider that I'm successfully using in an app of mine looks like this:

```ts
function EVEOnlineUpdated<P extends Record<string, any> = EVEOnlineProfile>(
  options: OAuthUserConfig<P>
): OAuthConfig<P> {
  return {
    id: "eveonline",
    name: "EVE Online",
    type: "oauth",
    wellKnown: "https://login.eveonline.com/.well-known/oauth-authorization-server",
    authorization: {
      params: {
        scope: "publicData esi-planets.manage_planets.v1",
      },
    },
    idToken: true,
    profile(profile: P) {
      const characterId = profile.sub.split(":")[2];
      return {
        id: characterId,
        name: profile.name,
        ownerHash: profile.owner,
        email: null,
        image: `https://image.eveonline.com/Character/${characterId}_128.jpg`,
      };
    },
    token: {
      async request({ client, provider, params, checks }) {
        const tokens = await client.oauthCallback(provider.callbackUrl, params, checks);
        tokens.id_token = tokens.access_token;
        return { tokens };
      },
    },
    options,
  };
}
```

The custom token callback copies access_token to id_token
@mckernanin thank you for the above code. I've now created a custom provider and the SSO login now works! I now have an issue getting the user details from the session? I'm using the following in my component:
however, session.user.id is not defined? I'm also getting session cookie length errors:
Am I missing something here?
Yeah so it seems like you're trying to store too much in the cookie (in the jwt callback?), which then therefore cannot be read back out in the following callback functions, that's probably why your See the warning right above the start of this section: https://next-auth.js.org/configuration/callbacks#session-callback
Ah ok thanks! I changed my callback to just include the account and user information as follows: The reason why I did the if (token.token.user) is because the callback seems to be executed twice so only want to make one modification to it. I'm not sure if that is the correct approach or not ... then in the session callback, I did the following: (yes, I need to fix the double session object) It works ... but seems messy :( UPDATE: Actually, I don't need to duplicate the session information - the information is there, just in a different section so I don't need to copy it etc.
I followed this code to get name and email from profile but id_token is overwritten and I cannot get id_token again where I need it at the federated_logout. Any workaround to save the raw id_token?
Description 📓
Before the release of v4 we want to manually test most (if not all) the current OAuth providers to make sure the changes that happen on v4 to their configuration didn't break any of them 🤞🏽
We also haven't enforced any kind of testing prior to v4, so there is a big chance that some providers do not even work in v3, which might have gone undetected if there was no interest from users to open issues.
Here's the table where we keep track of this testing:
42
Apple
Atlassian
callback_url, internal error at Atlassian
Auth0
Azure B2C
Azure AD
Basecamp
BattleNet
Box
Bungie
Cognito
Coinbase
Discord
Dropbox
Eve Online
Facebook
FaceIT
FourSquare
Freshbooks
FusionAuth
Github
Gitlab
Google
IS4
Instagram
Kakao
Keycloak
Line
LinkedIn
MailChimp
MailRu
Medium
Naver
Netlify
Okta
OneLogin
Osso
Reddit
Salesforce
Slack
https for redirect URLs, even for local development. Used ngrok
Spotify
Strava
Twitch
Twitter
VK
Wordpress
WorkOS
Yandex
Zoho
Zoom
@balazsorban44 @ndom91 if you could mark the ones you have already manually tested and verified they're working so we can know which ones are left to test 🙏🏽
Notes
The relevant PR making this required is #2411. Check its description for more info.
The documentation page here might also be useful: https://next-auth.js.org/configuration/providers/oauth-provider#options