Express OpenId Connect app not redirecting after getting token

Question

I am connecting to an Open Id Connect provider and this is my code.

const express = require('express');
const { auth } = require('express-openid-connect');
require('dotenv').config();
const app = express();
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
const jwt_decoder = require('jwt-decode');  

app.use(
  auth({
    issuerBaseURL: '***',
    baseURL: 'http://localhost:3000',
    clientID: 'client_id',
    secret: 'long string',
    idpLogout: false,
    authRequired:true,
    authorizationParams:{
    response_type: 'code',
    scope: 'openid profile email',
    response_mode: "form_post",
    redirectUriPath: 'http://localhost:3000/callback',
   
    }
  })
);
app.get('/', (req, res) => {
 //console.log(res)
  console.log(req.oidc.accessToken.access_token)
  var decoded = jwt_decoder(req.oidc.accessToken.access_token); // Decoding
  console.log(decoded);
  res.send(`hello ${decoded.Username} from ${decoded.OrgName}`);
  
});

app.get('/callback', (req, res) => {
    console.log("redirected")
    res.send("logged in");
  });

app.set('trust proxy', true);
app.listen(3000, () => console.log('listening at http://localhost:3000'))

After authorising, it does not go to callback instead comes to '/'. I get the token there which I am able to decode. I have asked the auth server to call /callback but it does not.

Answer 1

I think you should not be redirected to /callback once you login, instead what will happen it will redirect you to something called baseURL.

Here is explained what we are provided once we add auth to our express app (/login, /logout and /callback routes):

// The `auth` router attaches /login, /logout 
// and /callback routes to the baseURL
app.use(auth(config));

The Express OpenID Connect SDK handles those routes under the hood. If you want to play, you can add your callback route before adding app.use(auth(config)). But then your flow might be broken.