OAuth end_of_popup_response.js script does not execute

Hello,

I am writing a small package to connect a Meteor application to an OpenID Connect external Provider. I have based the code on accounts-github and github-oauth, with a “popup” loginStyle.

On the server side, I get the authorization token, the access token, fake user information (as both the application and OID Provider are in development mode), and the OAuth request handler, registered via OAuth.registerService(), is correctly run (and I believe correctly handled).
Then the flow goes to renderOAuthResult() and endOfLoginResponse(), but the popup doesn’t close in the end. :frowning:
The popup rightly displays the updated end_of_popup.html template (i.e. with correct data inside it), but the popup window stays blank. It seems that the script is not executed.

As a side note, maybe I should specify that the application runs on http://localhost:3000, and the redirect_url is https://devel.trychlos.lan, because the OID provider only allows https, and I have configured an nginx to redirect the former to the ad-hoc URL on localhost.
May this difference in the domains be the cause of the JavaScript not executing?

As I understand the Meteor OAuth flow, this is the last step before credentials are passed back to the main window and the user is logged in. So… Any help would be welcome :wink:

Regards
Pierre

Might find some answers here: GitHub - Akarda/accounts-oidc: A Meteor login service for OpenID Connect (OIDC)

Hi,
Is there any particular reason I may find an answer in this package?
This is a fork of salleman, which itself is a fork of witch.
I have carefully read the code of the three, but didn’t find any tip for my issue.

Yes, they were of great help when debugging my own code (because OIDC is not exactly OAuth), but in this last step I am blocked. I have tried to rely as much as possible on already written code (because I am a bit lazy of course).

The server sends HTML to the client, the HTML contains a <script> tag, but the script is not executed. Does nobody have an idea why?

@pwix

If you are using Meteor 2.14, the WeKan fork of salleman OIDC/OAuth2 in the wekan/packages/wekan-oidc and wekan/packages/wekan-accounts-oidc directories has been modified to work with many different OIDC/OAuth2 providers:

Docs for various ways to login at wiki:

Login form is at layouts.* files:

Authentication related code is here:

Creating new user is at wekan/models/users.js:

For more info, you can search ChangeLog:

And open and closed issues:

And PRs:

https://github.com/wekan/wekan/pulls

Hello,
Thanks to all for taking the time to answer, even if the answer was for another question :wink:

It happens that the difference between the domain names that I mentioned in my first post was the source of the issue. So the solution I have chosen is:

  • install a local nginx, configuring it as follows:

    the server name is myhost.local.lan, which is the hostname of my station in my local network,
    it only serves https on port 443 with a self-signed certificate,
    it has a proxy_pass configuration to http://localhost:3000

  • do not change the meteor run command
  • point my browser to ‘https://myhost.local.lan’

And all works like a charm.

Regards
Pierre
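
The nginx setup described in the last post, written out as an added example that is not part of the original thread. The certificate paths are assumed placeholders, and the Upgrade/Connection headers are an addition so that Meteor's WebSocket (DDP) connection passes through the proxy.

```nginx
# Added example: local HTTPS front end for a Meteor dev server.
# The browser is pointed at https://myhost.local.lan, so the page that
# opens the OAuth popup is served from that one host.
server {
    # Only HTTPS on 443, as in the post; no plain-HTTP listener.
    listen 443 ssl;
    server_name myhost.local.lan;

    # Self-signed certificate and key (assumed paths, adjust to your system).
    ssl_certificate     /etc/nginx/ssl/myhost.local.lan.crt;
    ssl_certificate_key /etc/nginx/ssl/myhost.local.lan.key;

    location / {
        # Meteor keeps running unchanged with "meteor run" on port 3000.
        proxy_pass http://localhost:3000;

        # Addition not mentioned in the post: let the WebSocket upgrade
        # used by Meteor's DDP connection go through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Pass the original host and scheme to the upstream application.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The browser has to trust the self-signed certificate for myhost.local.lan, and the name must resolve to the workstation on the local network.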