When the user have logged In the app before(gave consent), in the next time while logging in the user can be authenticate without even selecting the account. How to prevent it? Bug occurs on step 2:
Step 1 – User Click On Log In Button and is redirected to azure page
//
Console after navigating back
You can notice that even though the button was directed to microsoft, when navigating back the google passport-js that I also have setted takes controls and authenticate the user twice. How could I avoid? The opposite happens as well(google login then microsoft takes control and authenticate it)
PASSPORT.JS:
require('dotenv').config();
const passport = require('passport');
const { getOrCreateUser } = require('../controllers/User');
const AzureAdOAuth2Strategy = require('passport-azure-ad-oauth2');
const GitHubStrategy = require('passport-github2').Strategy;
const GoogleStrategy = require('passport-google-oauth20').Strategy;
const jwt = require('jsonwebtoken');
// Azure Strategy
passport.use(
new AzureAdOAuth2Strategy(
{
clientID: process.env.AZURE_CLIENT_ID,
clientSecret: process.env.AZURE_CLIENT_SECRET,
callbackURL: 'http://localhost:80/auth/azure/callback',
tenantId: process.env.AZURE_TENANT_ID,
scope: 'openid profile email',
},
async (accessToken, refreshToken, params, profile, done) => {
const decodedProfile = jwt.decode(params.id_token, '', true) || profile;
const user = await getOrCreateUser({
azureId: decodedProfile.oid,
name: decodedProfile.given_name,
});
return done(null, { profile: user });
}
)
);
// GitHub Strategy
passport.use(
new GitHubStrategy(
{
clientID: process.env.GITHUB_CLIENT_ID,
clientSecret: process.env.GITHUB_CLIENT_SECRET,
callbackURL: `http://localhost:80/auth/github/callback`,
},
async (accessToken, refreshToken, profile, done) => {
const user = await getOrCreateUser({
githubId: profile.id,
name: profile.username,
});
console.log(user);
return done(null, { profile: user });
}
)
);
// Google Strategy
passport.use(
new GoogleStrategy(
{
clientID: process.env.GOOGLE_CLIENT_ID,
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
callbackURL: `http://localhost:80/auth/google/callback`,
},
async (accessToken, refreshToken, profile, done) => {
const user = await getOrCreateUser({
googleId: profile.id,
name: profile.name.givenName,
});
return done(null, { profile: user });
}
)
);
passport.serializeUser((user, done) => {
done(null, user);
});
passport.deserializeUser((user, done) => {
done(null, user);
});
module.exports = passport;
APP.JS:
app.use(
express.urlencoded({
extended: true,
})
);
app.use(express.json({ limit: '10kb' }));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(cookieParser());
// Passport Initialization
app.use(
session({
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: false,
cookie: { maxAge: 1000 * 60 * 60 * 24 * 7 }, // 3 Days
})
);
app.use(passport.initialize());
app.use(passport.session());
app.use('/', routes);
module.exports = app;
Auth Route:
const router = require('express').Router();
const passport = require('../config/passport');
const User = require('../models/User');
// Azure Auth
router.get(
'/azure',
passport.authenticate('azure_ad_oauth2', {
scope: ['profile', 'email'],
prompt: 'select_account',
})
);
router.get(
'/azure/callback',
passport.authenticate('azure_ad_oauth2', {
prompt: 'select_account',
failureRedirect: '/error',
}),
async (req, res) => {
res.redirect(`${process.env.APP_URL}`);
}
);
// GitHub Auth
router.get(
'/github',
passport.authenticate('github', { scope: ['user'], prompt: 'select_account' })
);
router.get(
'/github/callback',
passport.authenticate('github', {
prompt: 'select_account',
failureRedirect: '/error',
}),
async (req, res) => {
res.redirect(`${process.env.APP_URL}`);
}
);
// Google Auth
router.get(
'/google',
passport.authenticate('google', {
scope: ['profile'],
prompt: 'select_account',
})
);
router.get(
'/google/callback',
passport.authenticate('google', {
scope: ['profile'],
prompt: 'select_account',
failureRedirect: '/error',
}),
async (req, res) => {
res.redirect(`${process.env.APP_URL}`);
}
);
router.get('/profile', async (req, res) => {
if (req.isAuthenticated()) {
res
.status(200)
.json({ status: 'success', message: 'Profile Info!', user: req.user });
} else
res.status(401).json({
status: 'error',
message: 'You Need To Be Logged In To Access Profile Info!',
});
});
router.get('/logout', (req, res) => {
req.logout((err) => {
if (err) {
console.error('Error Logging Out: ', err);
return res
.status(500)
.json({ status: 'error', message: 'Internal Server Error' });
}
req.session.destroy((err) => {
if (err) {
console.error('Error Destroying Session: ', err);
return res
.status(500)
.json({ status: 'error', message: 'Internal Server Error' });
}
res
.clearCookie('connect.sid')
.status(200)
.json({ status: 'success', message: 'Logged Out Successfully!' });
});
});
});
module.exports = router;
I tried to modify the prompt to select_account, consent and login but no success… Tried state: true as well