Applying example to remix authenticator strategy #51

Open
keul opened this issue Sep 5, 2023 · 5 comments
@keul

keul commented Sep 5, 2023

I'm trying to use the Remix example

The error I get is:

Error: Strategy oidc not found.

What I noticed is that the example configuration is authenticator.use(strategy);, which is not also passing a name (as documented in remix-auth).

I tried adding a name, but doing this changed nothing:

let strategy = new OIDCStrategy<User>(
  {

    authorizationParams: {},
  },
  async ({ profile, tokens }) => {
    const { email, name, sub } = profile;
    // …
  }
);
authenticator.use(strategy, "oidc");

Also note that I had to add authorizationParams to make TS happy.

@keul
Author

keul commented Sep 5, 2023

About the name: forget it, inspecting the code I found that the name parameter is optional, read from the strategy object.

My problem seems related to the configuration of the Issuer then; I have a long list of errors like:

    {
      received: 'HS384',
      code: 'invalid_enum_value',
      options: [Array],
      path: [Array],
      message: "Invalid enum value. Expected 'RS256' | 'RS384' | 'PS256', received 'HS384'"
    },
    {
      received: 'ES512',
      code: 'invalid_enum_value',
      options: [Array],
      path: [Array],
      message: "Invalid enum value. Expected 'RS256' | 'RS384' | 'PS256', received 'ES512'"
    },
    {
      received: 'PS512',
      code: 'invalid_enum_value',
      options: [Array],
      path: [Array],
      message: "Invalid enum value. Expected 'RS256' | 'RS384' | 'PS256', received 'PS512'"
    },
    {
      received: 'RS512',
      code: 'invalid_enum_value',
      options: [Array],
      path: [Array],
      message: "Invalid enum value. Expected 'RS256' | 'RS384' | 'PS256', received 'RS512'"
    }

Probably this is a misconfiguration on my side? I'm trying to use an OIDC service served by Keycloak.

@sergiodxa
Owner

I think I will need to add more possible values to the id_token_signing_alg_values_supported or token_endpoint_auth_signing_alg_values_supported or relax the validation to any string 🤔

@keul
Author

keul commented Sep 6, 2023

@sergiodxa yes, my impression was that those interfaces are too strict on possible values, or at least the list of possible values seems not updated enough.

@sergiodxa sergiodxa self-assigned this Sep 6, 2023
@sergiodxa sergiodxa added the bug Something isn't working label Sep 6, 2023
@nouhoum

nouhoum commented Nov 1, 2023

Hi, I have the same issue with Ory Hydra. Some values are not taken into account in the enums.

Here is the ZodError content:

[
  {
    "received": "client_credentials",
    "code": "invalid_enum_value",
    "options": [
      "authorization_code",
      "refresh_token",
      "urn:ietf:params:oauth:grant-type:device_code",
      "urn:ietf:params:oauth:grant-type:jwt-bearer",
      "implicit"
    ],
    "path": [
      "grant_types_supported",
      2
    ],
    "message": "Invalid enum value. Expected 'authorization_code' | 'refresh_token' | 'urn:ietf:params:oauth:grant-type:device_code' | 'urn:ietf:params:oauth:grant-type:jwt-bearer' | 'implicit', received 'client_credentials'"
  },
  {
    "received": "offline",
    "code": "invalid_enum_value",
    "options": [
      "openid",
      "profile",
      "offline_access",
      "name",
      "given_name",
      "family_name",
      "nickname",
      "email",
      "email_verified",
      "picture",
      "created_at",
      "identities",
      "phone",
      "address"
    ],
    "path": [
      "scopes_supported",
      1
    ],
    "message": "Invalid enum value. Expected 'openid' | 'profile' | 'offline_access' | 'name' | 'given_name' | 'family_name' | 'nickname' | 'email' | 'email_verified' | 'picture' | 'created_at' | 'identities' | 'phone' | 'address', received 'offline'"
  },
  {
    "received": "token id_token code",
    "code": "invalid_enum_value",
    "options": [
      "code",
      "token",
      "id_token",
      "code token",
      "code id_token",
      "token id_token",
      "code token id_token",
      "none"
    ],
    "path": [
      "response_types_supported",
      5
    ],
    "message": "Invalid enum value. Expected 'code' | 'token' | 'id_token' | 'code token' | 'code id_token' | 'token id_token' | 'code token id_token' | 'none', received 'token id_token code'"
  },
  {
    "received": "pairwise",
    "code": "invalid_enum_value",
    "options": [
      "public"
    ],
    "path": [
      "subject_types_supported",
      1
    ],
    "message": "Invalid enum value. Expected 'public', received 'pairwise'"
  }
]

@heivo

heivo commented Dec 20, 2023

I have a similar validation problem with Azure AAD. Are there any plans to make schema validation less strict? Attaching my configuration and the resulting errors.

schema_validation_errors.json
openid-configuration.json
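
The relaxation discussed in this thread, as an added example that is not code from remix-auth-oidc or from any participant: the discovery lists are checked for shape only (any string passes), while the client keeps its own allowlist for the ID token signing algorithm it will actually accept. All function and constant names are hypothetical, the allowlist (the three values from the error messages above) is an assumption, and the sample document is constructed from the values reported in the comments.

```typescript
// Added example; every name here is hypothetical, not part of remix-auth-oidc.

// Assumption: this client only accepts these ID token signing algorithms.
const ACCEPTED_ID_TOKEN_ALGS: string[] = ["RS256", "RS384", "PS256"];

// Discovery fields the thread's errors point at; their values are provider-defined.
const STRING_LIST_FIELDS: string[] = [
  "id_token_signing_alg_values_supported",
  "token_endpoint_auth_signing_alg_values_supported",
  "grant_types_supported",
  "scopes_supported",
  "response_types_supported",
  "subject_types_supported",
];

interface DiscoveryCheck { ok: boolean; errors: string[]; usableAlgs: string[]; }

function isStringArray(value: unknown): value is string[] {
  return Array.isArray(value) && value.every((item) => typeof item === "string");
}

function checkDiscovery(doc: Record<string, unknown>): DiscoveryCheck {
  const errors: string[] = [];
  STRING_LIST_FIELDS.forEach((field) => {
    const value = doc[field];
    // Shape check only: unknown strings are tolerated, wrong types are not.
    if (value !== undefined && !isStringArray(value)) {
      errors.push(field + ": expected an array of strings");
    }
  });
  // The strictness moves here: intersect what is advertised with the allowlist.
  const advertised = doc["id_token_signing_alg_values_supported"];
  const usableAlgs = isStringArray(advertised)
    ? advertised.filter((alg) => ACCEPTED_ID_TOKEN_ALGS.indexOf(alg) !== -1)
    : [];
  if (usableAlgs.length === 0) {
    errors.push("provider advertises no ID token algorithm this client accepts");
  }
  return { ok: errors.length === 0, errors, usableAlgs };
}

// Constructed sample built from the values reported in this thread.
const SAMPLE_DISCOVERY: Record<string, unknown> = {
  id_token_signing_alg_values_supported: ["RS256", "HS384", "ES512", "PS512", "RS512"],
  grant_types_supported: ["authorization_code", "refresh_token", "client_credentials"],
  scopes_supported: ["openid", "offline"],
  response_types_supported: ["code", "token id_token code"],
  subject_types_supported: ["public", "pairwise"],
};

console.log(checkDiscovery(SAMPLE_DISCOVERY));
```

The `usableAlgs` list is what an ID token's `alg` header should be compared against at verification time, so accepting a wider discovery document does not widen what the client trusts.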
