Unexpected /authorize request from '/' route

maxikgreat · December 22, 2020, 7:21pm

I implemented authorization flow with express-openid-connect library but faced with some issue:

when I’m opening home page (in my case it’s hativi.herokuapp.com) immediately I have been redirected to /authorize page (why?!)
It’s really strange cause home route doesn’t specify as an auth-required route.

For clarifying I attach code snippets and screen’s from the site below:

server and routes files:

// server/index.ts

import express, { Request, Response } from 'express';
import next from 'next';
import { parse } from 'url';
import { auth, RequestContext, ResponseContext } from 'express-openid-connect';

import routes from './routes';

export interface RequestAuth0 extends Request {
  oidc: RequestContext
}
export interface ResponseAuth0 extends Response {
  oidc: ResponseContext
}

const dev = process.env.NODE_ENV !== 'production';
const app = next({ dev });
const handle = app.getRequestHandler();

const port = process.env.PORT || 3000;

(async () => {
  try {
    await app.prepare();
    const server = express();
    server.use(auth({
      authRequired: false,
      auth0Logout: true,
      secret: process.env.AUTH0_COOKIE_SECRET,
      clientID: process.env.AUTH0_CLIENT_ID,
      baseURL: process.env.BASE_URL,
      issuerBaseURL: process.env.ISSUER_BASE_URL,
      clientSecret: process.env.AUTH0_CLIENT_SECRET,
      authorizationParams: {
        response_type: 'code',
        audience: process.env.AUTH0_AUDIENCE,
        scope: 'openid email profile offline_access',
      },
      routes: {
        login: false,
        callback: '/callback',
      }
    }));
    
    server.use(express.json());
    server.use(routes);

    server.all('*', (req, res) => {
      const parsedUrl = parse(req.url, true);
      handle(req, res, parsedUrl);
    });
    
    server.listen(port, (err?: any) => {
      if (err) throw err;
      console.log(`> Ready on localhost:${port} - env ${process.env.NODE_ENV}`);
    })
  } catch (e) {
    console.log(e);
    process.exit(1);
  }
})();

export { app };

// server/routes/index.ts

import { Router } from 'express';
import { requiresAuth } from 'express-openid-connect';

import {renderPage, me, customLogin} from '../controllers';

const router: Router = Router();

// @ts-expect-error
router.get('/login', customLogin());
// @ts-expect-error
router.get('/find_blogger', requiresAuth(), renderPage('/find_blogger'));
// @ts-expect-error
router.get('/first_enter', requiresAuth(), renderPage('/first_enter'));
// @ts-expect-error
router.get('/instagram_profile', requiresAuth(), renderPage('/instagram_profile'));
// @ts-expect-error
router.get('/settings', requiresAuth(), renderPage('/settings'));
// @ts-expect-error
router.get('/me', me);


export default router;

https://github.com/maxikgreat/hativi - link to project on github if you need extra info

maxikgreat · December 22, 2020, 7:28pm

So I don’t want to do request to /authorize on home page. It needs to be triggered on /login request. So what I have to do for disable this /authorize automatic request on home page?