I am using the node-oidc-provider (v6.29.3) library to build a simple OIDC Connect mock-service and am having issues trying to mount the provider against a specific mountPath. It all works fine if mounted against / but trying to mount against /oidc is not working as the internals of the node-oidc-provider ignore the mountPath.
My setup is roughly like this:
const path = require('path')
const express = require('express')
const { Provider } = require('oidc-provider')
const configuration = require('src/utils/oidc')
const Account = require('src/account')
configuration.findAccount = Account.findAccount
const app = express()
app.set('views', path.join(__dirname, '..', 'views'))
app.set('view engine', 'ejs')
const mountPath = '/oidc'
const issuer = 'http://localhost:3000' + mountPath
const provider = new Provider(issuer, configuration)
app.use(mountPath, provider.callback)
app.listen(3000).then(() => {
console.log('started')
})
I am able to connect to http://localhost:3000/oidc/.well-known/openid-configuration and receive
{
"authorization_endpoint":"http://localhost:3000/oidc/auth",
"device_authorization_endpoint":"http://localhost:3000/oidc/device/auth",
"claims_parameter_supported":false,
"claims_supported":[
"sub",
"email",
"givenName",
"surname",
"memberOf",
"publishers",
"sid",
"auth_time",
"iss"
],
"code_challenge_methods_supported":["S256"],
"end_session_endpoint":"http://localhost:3000/oidc/session/end",
"grant_types_supported":[
"implicit","authorization_code",
"refresh_token",
"urn:ietf:params:oauth:grant-type:device_code"
],
"id_token_signing_alg_values_supported":["HS256", "PS256", "RS256", "ES256"],
"issuer":"http://localhost:3000/oidc",
"jwks_uri":"http://localhost:3000/oidc/jwks",
"response_modes_supported":["form_post","fragment","query"],
"response_types_supported":["code id_token","code","id_token","none"],
"scopes_supported":["openid","offline_access","email","profile"],
"subject_types_supported":["public"],
"token_endpoint_auth_methods_supported":[
"none",
"client_secret_basic",
"client_secret_jwt",
"client_secret_post",
"private_key_jwt"
],
"token_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
"token_endpoint":"http://localhost:3000/oidc/token",
"request_object_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
"request_parameter_supported":false,
"request_uri_parameter_supported":true,
"require_request_uri_registration":true,
"userinfo_endpoint":"http://localhost:3000/oidc/me",
"userinfo_signing_alg_values_supported":["HS256","PS256","RS256","ES256"],
"introspection_endpoint":"http://localhost:3000/oidc/token/introspection",
"introspection_endpoint_auth_methods_supported":[
"none",
"client_secret_basic",
"client_secret_jwt",
"client_secret_post",
"private_key_jwt"
],
"introspection_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
"revocation_endpoint":"http://localhost:3000/oidc/token/revocation",
"revocation_endpoint_auth_methods_supported":[
"none",
"client_secret_basic",
"client_secret_jwt",
"client_secret_post",
"private_key_jwt"
],
"revocation_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
"claim_types_supported":["normal"]
}
Using a simple test all I log in and my logs show (correctly)
GET /oidc/auth
but then, internally, it redirects to:
GET /interaction/znBzRfhyoBTCg1cFcLult
I need the internal redirect to go to
GET /oidc/interaction/znBzRfhyoBTCg1cFcLult
How do I tell the OIDC Provider to redirect via the given mountPath instead of /?
You will have to configure the interactions.url helper. See documentation for more details.
Later on you will have to build your own end-user interactions and with it you will have to configure this helper anyway.