Andre M Andre M - 1 month ago 14
Node.js Question

Getting "You need to provide a redirectUri" error with WP OAuth Server & NodeJS

I am creating a NodeJS application and I am trying to use Wordpress for authentication, via OAuth2, but I am running into a few issues. I am leveraging the 'passport-wpoauth' module.

I am getting the error "You need to provide a redirectUri" when trying to authorize. I did try specifying "redirectUri" in the parameters passed to WPOAuthStrategy, but that did not help. The issue is happening in the call to

passport.authenticate()
, from what I can see.

Code looks as follows and was wondering if you had any suggestions?

const bodyParser = require("body-parser");
const express = require('express');
const expressSession = require('express-session');
const url = require('url');
const passport = require('passport');
const OAuth2Strategy = require('passport-oauth2');
const WPOAuthStrategy = require('passport-wpoauth');

function initPassport(app) {

app.use(passport.initialize());
app.use(passport.session());

passport.serializeUser(function(user, done) {
done(null, user);
});

passport.deserializeUser(function(user, done) {
done(null, user);
});

var oauthConfig = {
"clientID": "Wq3lkiaPfMn83Cd5YWNoRAHpJtN55a",
"clientSecret": "82AbnUuyJJk7RoK4uJ0h7SSPhBi5Ho",
"authorizationURL": "https://localhost/oauth/authorize",
"tokenURL": "https://localhost/oauth/token/",
"callbackURL": "http://localhost:7070/api/auth/callback",
"userProfileURL": "http://localhost/myprofile"
};

passport.use(new WPOAuthStrategy(oauthConfig,
function(accessToken, refreshToken, profile, callback) {
console.log('profile', profile);
callback(undefined, {
id: '56757dsfe22',
email: 'dummy@example.com'
});
}
));

app.get('/auth/callback',
passport.authenticate('wpoauth', { failureRedirect: '/api/login' }),
function(req, res) {
console.log('success');
// Successful authentication, redirect home.
res.redirect('/');
});
}

function handleAuthenticate(req, res, next) {
console.log('xxxx', 'handleAuthenticate');
passport.authenticate('wpoauth')(req, res, next);
}

function initRoutes(app) {
app.get(/.*/, handleAuthenticate) ;

app.get('/auth/callback',
passport.authenticate('wpoauth', { failureRedirect: '/api/login' }),
function(req, res) {
console.log('success');
// Successful authentication, redirect home.
res.redirect('/');
});
}

var app = express();
var router = express.Router();

app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());

initPassport(app);

app.use('/api/', router);
initRoutes(router);


Note I have also tried with the passport-oauth2 module directly, getting as far as the login screen, but once logged in and sent back to the
http://localhost:7070/api/auth/callback
URL I get the error:

TokenError: Authorization code doesn't exist or is invalid for the client


Both the clientID and the clientSecret match what is specified in the WordPress admin UI for 'WP OAuth Server'.

Using WP OAuth Server 3.2.0001, with Nginx and WP 4.6.1

Answer

Looking through the source code of the 'passport-wpoauth' package indicates that the 'redirectUri' is being expected as part of the request body, rather from settings passed in as options, as I was expecting.

I changed my code to be:

app.get('/auth/wordpress', function(req, res, next) {
    req.body.redirectUri = 'http://redirectUrl/'
    passport.authenticate('oauth2', {})(req, res, next);
});

The issue was larger due to other incompatibilities. I have submitted a pull-request to the project.