This repository has been archived by the owner on Aug 28, 2023. It is now read-only.

Fix: Cannot set cookie on the response. #346

Merged
merged 1 commit into from
Dec 4, 2017

@cadesalaberry commented Nov 28, 2017
Contributor

When trying to use this strategy, I ran into a lot of trouble using the cookies.

All of my calls resulted in the following error, crashing my server:

TypeError: Cannot read property 'cookie' of undefined
    CookieContentHandler.add (node_modules/passport-azure-ad/lib/cookieContentHandler.js:130:6)
    Strategy.flowInitializationHandler [as _flowInitializationHandler] (node_modules/passport-azure-ad/lib/oidcstrategy.js:1339:32)
    async.waterfall (node_modules/passport-azure-ad/lib/oidcstrategy.js:630:23)
    fn (node_modules/passport-azure-ad/node_modules/async/lib/async.js:746:34)
    node_modules/passport-azure-ad/node_modules/async/lib/async.js:1213:16
    node_modules/passport-azure-ad/node_modules/async/lib/async.js:166:37
    node_modules/passport-azure-ad/node_modules/async/lib/async.js:706:43
    node_modules/passport-azure-ad/node_modules/async/lib/async.js:167:37
    node_modules/passport-azure-ad/node_modules/async/lib/async.js:1209:30
    node_modules/passport-azure-ad/node_modules/async/lib/async.js:52:16
    Immediate.<anonymous> (node_modules/passport-azure-ad/node_modules/async/lib/async.js:1206:34)

The config looks like this:

{
    provider        : 'oauth2',
    module          : 'passport-azure-ad',
    strategy        : 'OIDCStrategy',
    callbackPath    : '/auth/oauth2/callback',
    authPath        : '/auth/oauth2',
    authScheme      : 'openid connect',
    passReqToCallback: true,
    useCookieInsteadOfSession: true,  // use cookie, not session
    cookieEncryptionKeys: [
      { key: '0Gs2wLkKhhYYfusiaMTlAmktyA7FnSJX', iv: '60iP5h6vJoEa' },
    ], // encrypt/decrypt key and iv, see `cookieEncryptionKeys` instruction in section 5.1.1.2
    loggingLevel    : 'info',
    responseType    : 'code',
    responseMode    : 'query',
    redirectUrl     : 'https://' + 'test' + '.server.com/auth/oauth2/callback',
    identityMetadata: 'https://#.microsoftonline.com/3cb4fe21-****-****-****-0fb49fc18094/.well-known/openid-configuration',
    clientID        : 'c328cecc-****-****-****-6e9fb1c06307',
    clientSecret    : 'a3F1YMI4Ip**********tVbEWudgc4ur6LJuqhpwtL0=',
    scope           : ["email", "profile"],
}

The error happened because the response was not passed from passport into the options object.

Seeing that it was already attached to req in express 4, I added it to the options object.
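
The failure and the fix described in the comment above, as an added example that is not part of the original pull request or of passport-azure-ad's code. The helper names, the error code and the cookie attributes are assumptions of this example, and the response object is a constructed stand-in so it runs without Express.

```javascript
// Added example: hypothetical helper names, not passport-azure-ad's own code.

// "Before": cookie code that trusts options.response, as in the stack trace above.
function addCookieUnchecked(options, name, value) {
  options.response.cookie(name, value); // TypeError when options.response is undefined
}

// "After": take the response from options, else from req.res (set by Express 4),
// and reject a missing response with a clear, catchable error.
function resolveResponse(req, options) {
  const res = (options && options.response) || (req && req.res);
  if (!res || typeof res.cookie !== 'function') {
    const err = new Error('cookie mode needs an Express response; none on options or req.res');
    err.code = 'ERR_NO_RESPONSE'; // error code invented for this example
    throw err;
  }
  return res;
}

function addCookieChecked(req, options, name, value) {
  // Cookie attributes here are this example's choice.
  resolveResponse(req, options).cookie(name, value, { httpOnly: true, secure: true });
}

// Constructed stand-in for an Express response so the example runs offline.
function fakeResponse() {
  const jar = [];
  return { jar, cookie: (name, value, opts) => jar.push({ name, value, opts }) };
}

// Runs the three cases and returns what happened in each.
function runCases() {
  const out = {};
  try { addCookieUnchecked({}, 'state', 'abc'); out.unchecked = 'ok'; }
  catch (e) { out.unchecked = e instanceof TypeError ? 'TypeError' : 'other'; }

  const res = fakeResponse();
  addCookieChecked({ res }, {}, 'state', 'abc'); // options has no response; req.res does
  out.fallbackJar = res.jar.length;

  try { addCookieChecked({}, {}, 'state', 'abc'); out.missing = 'ok'; }
  catch (e) { out.missing = e.code; }
  return out;
}

console.log(runCases());
```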

@lovemaths lovemaths merged commit 80a6a63 into AzureAD:dev Dec 4, 2017
@cadesalaberry cadesalaberry deleted the patch-1 branch December 5, 2017 09:15
@cadesalaberry
Contributor Author

@lovemaths thanks for the merge!

@cadesalaberry
Contributor Author

I thought of adding some tests, but I could not find the specific situation.

Maybe it is linked to using a GET callback instead of the default POST?

@jeffwilcox
Contributor

This sounds more like your Express pipeline is lacking whatever cookie and session logic it might need....

@lovemaths
Contributor

@jeffwilcox @cadesalaberry Agreed. I remember I had the same issue yesterday; after I installed some missing middleware (don't remember which one, most likely cookieparser middleware) in my express app, it worked.
