AzureAd routes returning empty response

Question

AzureAd routes returning empty response

JaeTLDR opened this issue a year ago · comments

Environment

node : v18.15.0

{
"name": "nuxt-app",
"private": true,
"scripts": {
"build": "nuxt build",
"dev": "nuxt dev --https --ssl-cert cert.pem --ssl-key key.pem",
"generate": "nuxt generate",
"preview": "nuxt preview",
"postinstall": "nuxt prepare"
},
"devDependencies": {
"@nuxt/devtools": "latest",
"nuxt": "^3.7.0",
"nuxt-security": "^0.14.4"
},
"dependencies": {
"@auth/core": "^0.10.4",
"@hebilicious/authjs-nuxt": "^0.3.0-beta.2",
"@pinia/nuxt": "^0.4.11",
"h3": "^1.8.1", //< added manually to better match your example in getting started.
"next-auth": "^4.23.1",
"sass": "^1.66.1"
}
}

Reproduction

basically the same as the getting-strted.
repo link can be provided as needed

Describe the bug

I created a brand new nuxt project with minimal changes attempted to use sidewinder but face multiple issues, moved to this repo. I got the basics working however using the example in 'getting started' the js login button gets to the code endpoint i get the 'localhost didn't send any data' error, the 'Native Link Sign in' worked however clicking the Azuread button on that page also errors with no content.

Additional context

I am moving an existing vue3 SPA app to nuxt but require auth t work first hence the relatively empty repo

Logs

No response

Heb · Answer 1 · Fri Sep 01 2023 23:05:16 GMT+0800 (China Standard Time)

Could you provide your nuxt.config or a reproduction please?

Jae · Answer 2 · Sat Sep 02 2023 10:47:54 GMT+0800 (China Standard Time)

clientID secret and tenant are set but not moved to ENV file yet hence the removal

import { resolve } from "node:path"
// https://nuxt.com/docs/api/configuration/nuxt-config
export default defineNuxtConfig({
  devtools: { enabled: true },
  modules: [
    // "nuxt-security",
    "@hebilicious/authjs-nuxt"
  ],
  authJs: {
    baseUrl: "https://localhost:8080",
    guestRedirectTo: "/",
    authenticatedRedirectTo: "/",
    verifyClientOnEveryRequest: true
  },
  alias: {
    cookie: resolve(__dirname, "node_modules/cookie"),
    core: resolve(__dirname, "@auth/core")
  },
  runtimeConfig: {
    auth: {
      clientId: "", 
      clientSecret: "",
      tenantId:     "",
    },
    public: {
      authJs: {
        baseUrl: "https://localhost:8080",
        verifyClientOnEveryRequest: true 
      }
    }
  },
  devServer: {
    port: 8080,
    https: {
      key: './key.pem',
      cert: './cert.pem',
    }
  },

})

Heb · Answer 3 · Sat Sep 02 2023 19:51:24 GMT+0800 (China Standard Time)

@JaeTLDR I'm assuming this is auth.js related, but I can't tell you more without a reproduction. If you can use the module with another provider such as google or github, but not AD, then its best to look at auth.js issues directly.

Jae · Answer 4 · Sat Sep 02 2023 19:56:52 GMT+0800 (China Standard Time)

Unfortunately I cannot use any other providers as this is for a work project.

I have built a new next app with my personal Azure and a Google auth and all is working well. I do believe this is upstream as the only difference in Azure AD configuration is the allowed login (my app only worked with All accounts option, not my tenant only). I will create a new issue on Auth.js repo.

Jae · Answer 5 · Fri Nov 03 2023 10:16:15 GMT+0800 (China Standard Time)

Hi Herbilicious,

nextauth haven't responded at all but I think I have found the issue and hopefully you may have an answer for me. It appears the redirect url is being generated with http even though im using https for all the front end (due to other issues occuring..), i had a look though the next auth issues and have tried setting the following but not working. do you have any ideas?

NUXT_AUTH_AUTHJS_BASEURL=https://localhost:8080
NODE_TLS_REJECT_UNAUTHORIZED=0
NUXT_TLS_REJECT_UNAUTHORIZED=0
AUTH_TRUST_HOST=1
NEXTAUTH_URL=https://localhost:8080

Jae · Answer 6 · Tue Nov 07 2023 10:52:11 GMT+0800 (China Standard Time)

Fixed the issue.
i went back to HTTP for local development, i then added the logger module to my AuthConfig which pointed me to my app registration being for SPA client apps not a Web app. after fixing these i have successfully got it working.

It may be worth adding the logger to your documentation. I used

logger: {
        error(code, metadata) {
            console.log(code,metadata) //log.error(code, metadata)
        },
        warn(code) {
            console.log(code,metadata) //log.warn(code)
        },
        debug(code, metadata) {
            console.log(code,metadata) //log.debug(code, metadata)
        }
    }

feel free to close this issue, thanks

Heb · Answer 7 · Sat Nov 11 2023 19:13:16 GMT+0800 (China Standard Time)

Fixed the issue. i went back to HTTP for local development, i then added the logger module to my AuthConfig which pointed me to my app registration being for SPA client apps not a Web app. after fixing these i have successfully got it working.

It may be worth adding the logger to your documentation. I used
logger: {
        error(code, metadata) {
            console.log(code,metadata) //log.error(code, metadata)
        },
        warn(code) {
            console.log(code,metadata) //log.warn(code)
        },
        debug(code, metadata) {
            console.log(code,metadata) //log.debug(code, metadata)
        }
    }
feel free to close this issue, thanks

Glad this works for you now.