Giters

auth0 / express-openid-connect

An Express.js middleware to protect OpenID Connect web applications.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Unable to perform error handling for custom session store.

YMarumo opened this issue · comments

commented

Checklist

Description

We are currently using Express OpenID Connect.
We are using a custom session store (Redis) for session management, but we are having trouble controlling the response to users because there is no way to handle errors when an error occurs, such as the Redis server going down.

https://github.com/auth0/express-openid-connect/blob/master/lib/appSession.js#L352-L363

I have looked at the source code, and when an error occurs in the Redis Client, I think the error is caught in the above section.
What is the reason why next(error) is not called in this location?
We believe that because next(error) is not called at this location, it is not being handled by the error handling middleware we have implemented.
If possible, we would like to handle errors picked up here with error handling middleware, with the error handling middleware we implement here and display an arbitrary error screen to the user.
If this is difficult, any breakthrough would be appreciated.
Thank you in advance.

Reproduction

Step 1: Set up a local redis server
Step 2: Setup a local redis server as a custom session store in your app with Express OpenID Connect embedded
Step 3: Launch the app and go to the IdP login screen
Step 4: At this point, shut down the local redis server
Step 5: Complete end-user authentication with the IdP
Step 6: Naturally, an error occurs because the connection to the Redis server cannot be established, but the error handling middleware cannot handle the error and the screen transition does not occur.

Additional context

No response

express-openid-connect version

2.17.1

Express version

4.17.1

Node.js version

18.20.2