Bluemix; Node.js; SSO; CWOAU0062E
the URL at this point is: https://mzsso-yyyyyyyyyyyy.iam.ibmcloud.com/idaas/oidc/endpoint/default/authorize?response_type=code&client_id=cWs2hkNjHz&redirect_uri=https%3A%2F%2Fmzibmsso.mybluemix.net%2Fauth%2Fsso%2Fcallback&scope=openid%20openid
(note that xxxxx, yyyyy, zzzzz, etc. are my masked private identifiers)
1) error message: CWOAU0062E: The OAuth service provider could not redirect the request because the redirect URI was not valid. Contact your system administrator to resolve the problem.
This occurs moments after I click on my /login url...
2) no "integrate" in my bluemix portals, but I'm using the "new bluemix portals"
3) google tested, and validated ok using the validate button in Bluemix
4) facebook tested, and validated ok using the validate button in Bluemix
5) all samples and support that I am exploring on-line seem to be + 1 year old, and all my combinations/variants of the code result in this same error message.
6) Will it work for local testing (note the lack of https for local dev)? (Will I need to add "localhost:3000" to the redirect URI setting in Google?)
6a) running locally doesn't support https, will this impact any ability to run locally for the purposes of development?
6b) currently I need to frequently cf push my app because of my uncertainty and general troubles with SSO. I've lost confidence in trying to test this locally since it fails on the server with a barebone project.
7) Is there a difference between the terms "callback url" and "redirect url" (context from google, bluemix, and callback_url)
8) My code makes no direct references to "google" or "facebook". Am I forgetting something obvious or is the idea behind Bluemix SSO to make my app provider-agnostic?
// Express application bootstrap: session, cookie and passport middleware.
// The file is CommonJS / ES5 throughout (`require`, `var`, `function`).
var express = require('express');
var app = express();
var mzSession = require('express-session');
var passport = require('passport');
var cookieParser = require('cookie-parser');
var OpenIDConnectStrategy = require('passport-idaas-openidconnect').IDaaSOIDCStrategy;

// Session configuration. The signing secret is a literal in source; for
// anything beyond a local experiment it belongs in configuration (an
// environment variable or an untracked config file) rather than in the
// repository.
var sessionOptions = {
  secret : 'mzSSOSource',
  resave : false,
  saveUninitialized : true
};
app.use(mzSession(sessionOptions));
app.use(cookieParser());

// Passport is registered after the session middleware: passport.session()
// relies on req.session already existing when it runs.
app.use(passport.initialize());
app.use(passport.session());
// Passport session (de)serialization. The object handed to done() by the
// strategy verify callback is stored in the session as-is and handed back
// unchanged on each request; no user store is consulted. Note that the verify
// callback below attaches accessToken/refreshToken to that object, so the
// tokens are stored in the session store as well.
function storeUserInSession(user, done) {
  done(null, user);
}

function loadUserFromSession(obj, done) {
  done(null, obj);
}

passport.serializeUser(storeUserInSession);
passport.deserializeUser(loadUserFromSession);
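var cfenv = require("cfenv");
var appEnv = cfenv.getAppEnv();
var appServices = appEnv.getServices();

// Service lookup. The bound SingleSignOn service is expected under
// appServices.SingleSignOn as an array of instances; when it is absent (for
// example when running locally without VCAP_SERVICES) a hard-coded fallback
// describing the same instance is used instead.
//
// NOTE(review): cfenv's getServices() may key the returned map by service
// *name* (here "mzSSO") rather than by label ("SingleSignOn"); if so this
// branch is taken on Bluemix as well and the fallback block is what actually
// gets used — confirm with console.log(Object.keys(appServices)).
//
// The fallback embeds a client secret in source. Keep real values out of the
// repository; read them from the environment or an untracked config file.
var SSOList = appServices;
var boundSSO = SSOList.SingleSignOn;

// Guard against an empty array as well as a missing key: with an empty array
// SSOList.SingleSignOn[0] is undefined and `.credentials` below would throw.
if (!Array.isArray(boundSSO) || boundSSO.length === 0) {
  SSOList = {
    "SingleSignOn" : [ {
      "credentials" : {
        "secret" : "xxxxxxxxxx",
        "tokenEndpointUrl" : "https://mzsso-yyyyyyyyyyyy.iam.ibmcloud.com/idaas/oidc/endpoint/default/token",
        "authorizationEndpointUrl" : "https://mzsso-yyyyyyyyyy.iam.ibmcloud.com/idaas/oidc/endpoint/default/authorize",
        "issuerIdentifier" : "yyyyyyyyyy.iam.ibmcloud.com",
        "clientId" : "zzzzzzzzzz",
        "serverSupportedScope" : [ "openid" ]
      },
      "syslog_drain_url" : null,
      "label" : "SingleSignOn",
      "provider" : null,
      "plan" : "professional",
      "name" : "mzSSO",
      "tags" : [ "security", "ibm_created", "ibm_dedicated_public" ]
    } ]
  };
}

// Credentials of the first (only) SingleSignOn instance, bound or fallback.
var SSOEntryCreds = SSOList.SingleSignOn[0].credentials;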
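// OIDC strategy wiring. `OpenIDConnectStrategy` is already required at the
// top of the file; the second require that used to sit here was redundant.
//
// NOTE(review): callbackURL is a fixed production host. The redirect_uri the
// provider receives is built from this value, so it must match the
// "return to" URL registered for the application exactly (scheme, host,
// path). A local run on http://localhost will not match it unless that URL is
// registered as well; deriving it from appEnv.url is one option.
//
// NOTE(review): the observed authorize URL carries scope=openid%20openid,
// which suggests the strategy already adds 'openid' itself; the explicit
// scope here then only duplicates it — harmless, but worth confirming.
var strategyOptions = {
  authorizationURL : SSOEntryCreds.authorizationEndpointUrl,
  tokenURL : SSOEntryCreds.tokenEndpointUrl,
  clientID : SSOEntryCreds.clientId,
  scope : 'openid',
  response_type : 'code',
  clientSecret : SSOEntryCreds.secret,
  callbackURL : 'https://mzibmsso.mybluemix.net/auth/sso/callback',
  skipUserProfile : true,
  issuer : SSOEntryCreds.issuerIdentifier
};

// Verify callback: no user store is consulted, the provider profile is
// accepted as-is and both tokens are attached to it. Since the whole object is
// serialized into the session (passport.serializeUser above), the tokens end
// up in the session store.
function verifyOIDCUser(accessToken, refreshToken, profile, done) {
  process.nextTick(function() {
    profile.accessToken = accessToken;
    profile.refreshToken = refreshToken;
    done(null, profile);
  });
}

var Strategy = new OpenIDConnectStrategy(strategyOptions, verifyOIDCUser);
passport.use(Strategy);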
// Entry point of the login flow: passport redirects the browser to the
// provider's authorization endpoint.
var startLogin = passport.authenticate('openidconnect', {});
app.get('/login', startLogin);
/**
 * Route guard: passes the request on when passport reports a logged-in
 * session; otherwise remembers the requested URL in the session and sends the
 * browser to /login.
 *
 * @param {object} req - Express request; uses isAuthenticated(), session and originalUrl.
 * @param {object} res - Express response.
 * @param {Function} next - next middleware in the chain.
 * @returns {*} whatever next() returns when authenticated; undefined otherwise.
 */
function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  }
  // Remembered so the callback route can send the user back where they started.
  req.session.originalUrl = req.originalUrl;
  res.redirect('/login');
}
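// OIDC callback. passport exchanges the code for tokens, runs the verify
// callback and then redirects to the URL recorded by ensureAuthenticated.
app.get('/auth/sso/callback', function(req, res, next) {
  var redirect_url = safeLocalRedirect(req.session && req.session.originalUrl);
  console.log(redirect_url);
  passport.authenticate('openidconnect', {
    successRedirect : redirect_url,
    failureRedirect : '/failure',
  })(req, res, next);
});

// Only accept a same-site path as the post-login destination. An absolute
// URL or a protocol-relative '//host' (or '/\host', which browsers treat the
// same way) would turn this callback into an open redirect, and an undefined
// value (session lost, or the callback hit directly) used to produce an
// undefined successRedirect; both fall back to '/'.
function safeLocalRedirect(url) {
  if (typeof url !== 'string' || url.charAt(0) !== '/') {
    return '/';
  }
  if (url.charAt(1) === '/' || url.charAt(1) === '\\') {
    return '/';
  }
  return url;
}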
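// Protected page. The user id comes from the identity provider, so it is
// HTML-escaped before being interpolated into the response body.
app.get('/hello', ensureAuthenticated, function(request, response) {
  var safeId = escapeHtml(request.user['id']);
  response.send('Hello, ' + safeId + '!\n' + '<a href="/logout">Log Out</a>');
});

// Minimal HTML escaper for text content; String(undefined) yields 'undefined',
// matching what the plain concatenation produced before.
function escapeHtml(value) {
  var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, function(ch) {
    return map[ch];
  });
}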
// Logout: clears the passport login state for this session and returns to the
// landing page.
// NOTE(review): in passport 0.6+ req.logout() requires a callback; this call
// shape assumes an older passport — confirm the installed version.
function handleLogout(req, res) {
  req.logout();
  res.redirect('/');
}

// Landing page for a failed authentication (failureRedirect of the callback route).
function handleFailure(req, res) {
  res.send('Login failed');
}

// Landing page. The link points at the callback route rather than /login;
// NOTE(review): /login is the route that starts the flow — verify the link
// target is intended.
function handleRoot(req, res) {
  res.send('<a href="/auth/sso/callback">Sign In with a SIS</a>');
}

app.get('/logout', handleLogout);
app.get('/failure', handleFailure);
app.get('/', handleRoot);
// Bind to the host/port cfenv resolved for this environment and log where the
// server is reachable once the socket is open.
app.listen(appEnv.port, appEnv.bind, function onListening() {
  var details = {
    'url' : appEnv.url,
    'bind' : appEnv.bind,
    'port' : appEnv.port
  };
  console.log('Server listening: ' + JSON.stringify(details));
});
console.log('Server Script Completed');
Most likely the callback URL doesn't match what is set as the return-to URL in the application configuration. See this answer for reference: https://developer.ibm.com/answers/questions/175319/why-sso-can-not-work.html
For your question #1 - the "Integrate" panel is only available in the context of the application dashboard. Once you log in to Bluemix, you need to click on the application's SSO service icon, not the SSO service itself.
For #7: the value for callback_url and the return-to URL (from the application Dashboard) should be the same. The return-to URL becomes the redirect_uri of the link you posted: https://mzsso-yyyyyyyyyyyy.iam.ibmcloud.com/idaas/oidc/endpoint/default/authorize?response_type=code&client_id=cWs2hkNjHz&redirect_uri=https%3A%2F%2Fmzibmsso.mybluemix.net%2Fauth%2Fsso%2Fcallback&scope=openid%20openid