node.jssingle-sign-onopenid-connectopenidopenid-provider

Getting TypeError: client_secret_basic client authentication method requires a client_secret


I am encountering an error message while working with a client authentication method. The error message I am receiving is:

"TypeError: client_secret_basic client authentication method requires a client_secret."

I am not sure how to resolve this issue, as it seems to be related to the authentication process. Here is the relevant code snippet:

const express = require('express');
const session = require('express-session');
const { Issuer, generators } = require('openid-client');
const axios = require('axios');

const app = express();
const port = 3000;

app.use(session({
  secret: 'f06549ea-282a-4096-a3b4-d123bc881a00',
  resave: false,
  saveUninitialized: true,
}));

// Load environment variables
require('dotenv').config();

// OpenID Connect configuration
const azureTenantId = process.env.AZURE_TENANT_ID;
const clientId = process.env.CLIENT_ID;
const redirectUri = process.env.REDIRECT_URI;

const openIdConfigUrl = `https://login.microsoftonline.com/${azureTenantId}/v2.0/.well-known/openid-configuration`;

app.get('/auth/callback', async (req, res) => {
  try {
    const issuer = await Issuer.discover(openIdConfigUrl);
    const client = new issuer.Client({
      client_id: clientId,
      redirect_uris: [redirectUri],
    });

    if (!req.query.code) {
      // Generate and store PKCE code_verifier and code_challenge
      const codeVerifier = generators.codeVerifier();
      req.session.codeVerifier = codeVerifier;
      const codeChallenge = generators.codeChallenge(codeVerifier);

      // Initial authorization request with PKCE parameters
      const authorizationUrl = client.authorizationUrl({
        scope: 'openid',
        response_type: 'code',
        code_challenge: codeChallenge,
        code_challenge_method: 'S256',
        nonce: generators.nonce(),
      });

      res.redirect(authorizationUrl);
    } else {
      // Token exchange request with PKCE parameters
      const params = client.callbackParams(req);
      const tokenSet = await client.callback(redirectUri, params, {
        code_verifier: req.session.codeVerifier,
        response_type: 'code',
        token_endpoint_auth_method: 'none',
      });

      // Store the access token in the session or use it as needed
      const accessToken = tokenSet.access_token;
      console.log('Access token:', accessToken);

      // Call the API using the access token
      const apiUrl = 'https://api.example.com/data';
      const headers = {
        Authorization: `Bearer ${accessToken}`,
      };

      axios.get(apiUrl, { headers })
        .then(response => {
          // Process the API response and send it back to the client
          res.json(response.data);
        })
        .catch(error => {
          console.error('API request error:', error);
          res.status(500).send('API request error');
        });
    }
  } catch (error) {
    console.error('Authentication error:', error);
    res.status(500).send('Authentication error');
  }
});

app.listen(port, () => {
  console.log(`Server running on port ${port}`);
});

I would appreciate any insights or suggestions on how to fix this error. Thank you in advance for your help!


Solution

  • I've faced the same error trying to use authorization_code flow, in which have no client_secret parameter involved. To resolve in my case, I've used the parameter token_endpoint_auth_method set to 'none' in client creation:

      const authServer = await Issuer.discover(AUTH_SERVER_BASE_URL);
      const client = new authServer.Client({
        client_id: CLIENT_ID,
        response_types: ["code"],
        redirect_uris: [REDIRECT_URI],
        token_endpoint_auth_method: "none"
      });