duosecurity / duo_universal_nodejs
Duo OIDC-based two-factor authentication for NodeJS web applications
Home Page: https://duo.com/docs/duoweb
License: MIT License
I think this one (c130fc8) breaks the login flow, although the issue is not with the node.js implementation. From this point it starts to verify the username in the incoming token payload.
But if you have two or more usernames / aliases defined in the admin section, a different username is returned.
E.g. the user logs in with username1, which is stored for verification, and goes through the prompt successfully. The second exchange then returns a payload with a token signed with the subject having username2, which then mismatches and is rejected.
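The mismatch described in the report above, reproduced as an added example that is not code from duo_universal_nodejs: a signed result token is verified and its username claim is compared with what the application stored at login. The HS512 signing, the `preferred_username` claim name, the secret and the `verifyResult` helper are assumptions made for this sketch.

```javascript
// Added example: not code from duo_universal_nodejs. Names are hypothetical.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Build an HS512-signed JWT (constructed sample token for this demo only).
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS512', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha512', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Verify the signature first, then require the username claim to be an expected one.
function verifyResult(token, secret, expectedUsernames) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  const want = crypto.createHmac('sha512', secret).update(`${head}.${body}`).digest();
  const got = Buffer.from(sig, 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'HS512') return { ok: false, reason: 'bad-alg' };
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (!expectedUsernames.includes(claims.preferred_username)) {
    return { ok: false, reason: 'username-mismatch', got: claims.preferred_username };
  }
  return { ok: true, username: claims.preferred_username };
}

// Constructed values: the secret, usernames and claim name are assumptions.
const SECRET = 'constructed-demo-secret';
const token = signToken({ preferred_username: 'username2' }, SECRET);

// Login started as username1; the token came back carrying the alias username2.
const strict = verifyResult(token, SECRET, ['username1']);
// The application compares against its own record of this user's aliases.
const aliasAware = verifyResult(token, SECRET, ['username1', 'username2']);
console.log(strict, aliasAware);
```

The alias list passed in the second call has to come from the application's own user record for the account that started the login, never from the token being checked.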
May I know how to modify the script to support the DUO Authentication Proxy?
For example the DUO Authentication Proxy IP: 10.0.0.1 with port 8080
Thanks!
I was installing the universal client in a repository, and I got this runtime error as I was starting the node app:
Error: ENOENT: no such file or directory, open 'package.json'
at Object.openSync (node:fs:585:3)
at Object.readFileSync (node:fs:453:35)
at Object.<anonymous> (<path_to_my_project>/node_modules/@duosecurity/duo_universal/dist/constants.js:12:37)
It seems in the constants.ts file, the code is attempting to read the package.json of the library (?) in order to craft a UserAgent header with the library's current version in it.
However, the only reason that this is working in your demo project is because the built constants.js file in example/node_modules is reading example/package.json, not package.json. You can see this by adding
const { Client, constants } = require('@duosecurity/duo_universal');
const startApp = async () => {
  // Express
  const app = express();
  console.log(constants.USER_AGENT)
to index.js of the example app, updating the example app's version in example/package.json, and seeing that it logs the user agent with the demo app's version. For our webpack-based node project, this fails to work entirely.
As for a solution, I have two thoughts, and I'm happy to help implement either, or a third that the Duo team prefers:
constants.ts tracking the version and have a unit test which reads package.json and fails if they aren't compatible
When attempting to instantiate a Client object in a Vite/Vue3 app, the error Uncaught TypeError: util.inherits is not a function is thrown.
npm create vite@latest duo-vite-test -- --template vue
cd duo-vite-test
npm install
npm install @duosecurity/duo_universal
npm run dev
Client in App.vue <script setup> block
import { Client } from '@duosecurity/duo_universal'
const client = new Client({
  clientId: 'theclientid',
  clientSecret: 'theclientsecret',
  apiHost: 'theapihost',
  redirectUrl: 'http://localhost:5173',
})
Uncaught TypeError: util.inherits is not a function
at node_modules/jws/lib/data-stream.js (data-stream.js:39:6)
at __require (chunk-OL3AADLO.js?v=606a3168:9:50)
at node_modules/jws/lib/sign-stream.js (sign-stream.js:3:18)
at __require (chunk-OL3AADLO.js?v=606a3168:9:50)
at node_modules/jws/index.js (index.js:2:18)
at __require (chunk-OL3AADLO.js?v=606a3168:9:50)
at node_modules/jsonwebtoken/decode.js (decode.js:1:11)
at __require (chunk-OL3AADLO.js?v=606a3168:9:50)
at node_modules/jsonwebtoken/verify.js (verify.js:4:16)
at __require (chunk-OL3AADLO.js?v=606a3168:9:50)
triggerError @ vue-router.mjs:3451
(anonymous) @ vue-router.mjs:3173
Promise.catch (async)
pushWithRedirect @ vue-router.mjs:3167
push @ vue-router.mjs:3099
install @ vue-router.mjs:3530
use @ runtime-core.esm-bundler.js:4381
start @ client-entry.js?t=1686682252177:120
await in start (async)
(anonymous) @ client-entry.js?t=1686682252177:165
Promise.then (async)
(anonymous) @ client-entry.js?t=1686682252177:163
Promise.then (async)
(anonymous) @ client-entry.js?t=1686682252177:139