oidc: Handle login without redirect from backend and set some default

ttls

src/oidc.js

@@ -8,6 +8,7 @@ exports = module.exports = {
 const assert = require('assert'),
     debug = require('debug')('box:oidc'),
     fs = require('fs'),
+    middleware = require('./middleware'),
     path = require('path'),
     paths = require('./paths.js'),
     BoxError = require('./boxerror.js'),
@@ -271,6 +272,9 @@ function attachInteractionRoutes(routePrefix, app, provider) {
         next();
     }
 
+    // FIXME duplicate, all those routes should go to server.js
+    const json = middleware.json({ strict: true, limit: '2mb' }); // application/json
+
     app.get(routePrefix + '/interaction/:uid', setNoCache, async (req, res, next) => {
         try {
             const { uid, prompt, params, session } = await provider.interactionDetails(req, res);
@@ -314,12 +318,15 @@ function attachInteractionRoutes(routePrefix, app, provider) {
                 default:
                     return undefined;
             }
-        } catch (err) {
-            return next(err);
+        } catch (error) {
+            debug(`route interaction get uid:${uid} error`);
+            console.log(error);
+
+            return next(error);
         }
     });
 
-    app.post(routePrefix + '/interaction/:uid/login', setNoCache, async (req, res, next) => {
+    app.post(routePrefix + '/interaction/:uid/login', json, setNoCache, async (req, res, next) => {
         const [detailsError, details] = await safe(provider.interactionDetails(req, res));
         if (detailsError) return next(new HttpError(500, detailsError));
 
@@ -352,13 +359,16 @@ function attachInteractionRoutes(routePrefix, app, provider) {
             },
         };
 
-        const [interactionFinishError, interaction] = await safe(provider.interactionFinished(req, res, result));
+        const [interactionFinishError, redirectTo] = await safe(provider.interactionResult(req, res, result));
         if (interactionFinishError) return next(new HttpError(500, interactionFinishError));
 
-        next(new HttpSuccess(200, { redirectTo: interaction.redirectTo }));
+        debug(`route interaction login post result redirectTo:${redirectTo}`);
+
+        res.status(200).send({ redirectTo });
+        // next(new HttpSuccess(200, { redirectTo }));
     });
 
-    app.post(routePrefix + '/interaction/:uid/confirm', setNoCache, async (req, res, next) => {
+    app.post(routePrefix + '/interaction/:uid/confirm', json, setNoCache, async (req, res, next) => {
         try {
             const interactionDetails = await provider.interactionDetails(req, res);
             const { uid, prompt: { name, details }, params, session: { accountId } } = interactionDetails;
@@ -457,6 +467,14 @@ async function getProvider(routePrefix) {
             required: function pkceRequired(ctx, client) {
                 return false;
             }
+        },
+        ttl: {
+            // in seconds, can also be a function returning the seconds https://github.com/panva/node-oidc-provider/blob/b1c1a9318036c2d3793cc9e668f99937c5c36bc6/docs/README.md#ttl
+            AccessToken: 3600, // 1 hour
+            IdToken: 3600, // 1 hour
+            Grant: 1209600, // 14 days
+            Session: 1209600, // 14 days
+            Interaction: 3600 // 1 hour
         }
     };