Problem defining custom callback route

[pragmaticivan]

I'm submitting this issue for the package(s):

• jwt-verifier
• okta-angular
• oidc-middleware
• okta-react
• okta-react-native
• okta-vue

I'm submitting a:

• Bug report
• Feature request
• Other (Describe below)

Current behavior

After redirecting, I'm getting Cannot GET /auth-code/callback

Expected behavior

It should redirect and oauth middleware should register a new route into express.

Minimal reproduction of the problem with instructions

const express = require('express');
const { ExpressOIDC } = require('@okta/oidc-middleware');
const session = require('express-session');

const app = express();
const port = 3100;

const oidc = new ExpressOIDC({
  issuer: 'https://dev-customdev.oktapreview.com/oauth2/default',
  client_id: 'clientId',
  client_secret: 'clientsecret',
  redirect_uri: 'http://localhost:3100/auth-code/callback',
  scope: 'openid profile',
  routes: {
    callback: {
      path: '/auth-code/callback',
      handler: (req, res, next) => {
        console.log('req.userContext', req.userContext)
        next();
      },
      defaultRedirect: '/'
    }
  }
});

app.use(session({
  secret: 'this-should-be-very-random',
  resave: true,
  saveUninitialized: false
}));

app.use(oidc.router);

app.get('/', (req, res) => {
  if (req.userContext) {
    res.send(`Hello ${JSON.stringify(req.userContext, 2, 2)} ${req.userContext.userinfo.name}! <a href="logout">Logout</a>`);
  } else {
    res.send('Please <a href="/login">login</a>');
  }
});

app.get('/protected', oidc.ensureAuthenticated(), (req, res) => {
  res.send('Top Secret');
});

app.get('/logout', (req, res) => {
  req.logout();
  res.redirect('/');
});

oidc.on('ready', () => {
  app.listen(port, () => console.log('app started'));
});

Extra information about the use case/user story you are trying to implement

I'm trying to persist the user information into a database when it goes to callback.

Environment

• Package Version: "@okta/oidc-middleware": "^1.0.2-z",
• Browser: Chrome
• OS: Mac OSx
• Node version (node -v): v8.11.2

[pablote]

Same issue here. Implementing a custom handler for the login callback doesn't seem to continue the login process correctly. Did you ever found a fix for this?

[swiftone]

Internal ref: OKTA-306433

[denysoblohin-okta]

If you define handler for loginCallback route, options defaultRedirect, failureRedirect will not be used and you need to manually call res.redirect('/') (or other path) inside handler.
It can be useful to set redirect path dynamically, using user info, eg. using req.userContext.userinfo.locale.
We'll update docs to mention need of explicit call res.redirect.

In you example you can just remove handler and it will work.
Or you can add return res.redirect('/'); in handler and remove defaultRedirect as it will not be used

Also, please update to the latest version, see migration guide.
New versions introduced naming changes:

• callback -> loginCallback
• redirect_uri -> loginRedirectUri
• defaultRedirect -> afterCallback
• add appBaseUrl