This repository has been archived by the owner on Aug 28, 2023. It is now read-only.

Undefined "token_type" #317

Closed
tomdean opened this issue Jun 15, 2017 · 5 comments

tomdean commented Jun 15, 2017

I've started suddenly getting an error during the OAuth2 process after the user has been redirected back.

Strategy: OIDC
Response Type: "id_token code"
Response Mode: form_post

Versions:
[email protected]
[email protected]

```
if (items.token_type.toLowerCase() !== 'bearer') {
                      ^
TypeError: Cannot read property 'toLowerCase' of undefined
	at self._getAccessTokenBySecretOrAssertion (/node_modules/passport-azure-ad/lib/oidcstrategy.js:1151:25)
	at oauth2._request (/node_modules/passport-azure-ad/lib/oidcstrategy.js:1395:7)
	at passBackControl (/node_modules/oauth/lib/oauth2.js:125:9)
	at IncomingMessage.<anonymous> (/node_modules/oauth/lib/oauth2.js:143:7)
	at emitNone (events.js:110:20)
	at IncomingMessage.emit (events.js:207:7)
	at endReadableNT (_stream_readable.js:1047:12)
	at _combinedTickCallback (internal/process/next_tick.js:102:11)
	at process._tickDomainCallback (internal/process/next_tick.js:198:9)
```

The items object does not have a token_type property - the only key present is id_token.

Suddenly stopped working without any changes/pushes (app was running fine yesterday, not so fine today). Could Microsoft/Azure have changed something on their end?

lovemaths (Contributor) commented Jun 15, 2017

@tomdean Yes, something changed on the Azure side. Please use the code in the dev branch; I fixed it there. I will make a new release as soon as possible.


abramz commented Jun 16, 2017

Can we please get some details? My understanding was that this library is maintained by Microsoft and as such there should be communication structures, etc. in place to make sure this sort of thing doesn't happen in production.

lovemaths (Contributor)

@abramz The Azure AD v2 endpoint used to send back an access token when we requested an authorization code, and since yesterday it no longer does. This library expects the token and tries to validate it, which causes the problem.
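
The failure described above, as an added example that is not part of the thread and is not the library's actual fix: a token-response check that turns a missing `token_type` into a handled result instead of a `TypeError`. The function name `checkTokenResponse`, the result shape and the sample objects are hypothetical and constructed for illustration.

```javascript
'use strict';

// Hypothetical helper, not part of passport-azure-ad: classify a parsed
// token response without assuming that any optional field is present.
function checkTokenResponse(items) {
  if (items === null || typeof items !== 'object' || Array.isArray(items)) {
    return { ok: false, error: 'token response is not a JSON object' };
  }
  if (typeof items.error === 'string') {
    return { ok: false, error: 'token endpoint error: ' + items.error };
  }
  // Assumption: an OIDC sign-in flow, so an id_token is always expected.
  if (typeof items.id_token !== 'string' || items.id_token === '') {
    return { ok: false, error: 'id_token missing from token response' };
  }
  const hasAccessToken =
    typeof items.access_token === 'string' && items.access_token !== '';
  if (!hasAccessToken) {
    // The case reported in this issue: id_token is the only key. With no
    // access token to validate, token_type is not needed either.
    return { ok: true, idToken: items.id_token, accessToken: null };
  }
  // RFC 6749 section 5.1: token_type is required alongside access_token
  // and is compared case-insensitively.
  if (typeof items.token_type !== 'string' ||
      items.token_type.toLowerCase() !== 'bearer') {
    return { ok: false, error: 'access_token without a bearer token_type' };
  }
  return { ok: true, idToken: items.id_token, accessToken: items.access_token };
}

// Constructed sample responses (placeholder strings, not real tokens).
const samples = [
  { id_token: 'ID.TOKEN.PLACEHOLDER' },
  { id_token: 'ID.TOKEN.PLACEHOLDER', access_token: 'AT', token_type: 'Bearer' },
  { id_token: 'ID.TOKEN.PLACEHOLDER', access_token: 'AT' },
  { error: 'invalid_grant' },
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(checkTokenResponse(s)));
}
```

A result with `ok: true` only says the response has an acceptable shape; the `id_token` still has to pass the usual signature and claim validation.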

lovemaths (Contributor)

@tomdean @abramz We just released the new version. Please update this library to v3.0.7 (latest).


abramz commented Jun 16, 2017

@lovemaths

I would say that this issue is far from closed. This is not aimed at you specifically, but at the PMs and leadership that you are working with. For the past few months now, we have had several issues with the V2 API and what it sends. First, with varying payload bodies where we are now checking 3 or 4 different fields for an email address, and now this.

This library is maintained by Microsoft and was broken by Microsoft. What is your leadership doing to prevent such occurrences from repeating? What communication structures need to be put in place to avoid this from happening, etc? This was an entirely internal issue that cropped up in production for your users, how are you guys going to avoid this from happening again?

I know it isn't going to hurt Microsoft-- it certainly won't hurt us, but we are seriously considering dropping our OAuth support for Microsoft accounts because of the headaches v2 has caused.
