# Suggestions for customizing Passport login error behavior

2 messages · Page 1 of 1 (latest)

outer shore
#

We followed the basic guides for Passport setup, and we're using the strategy provided by the openid-client NPM package. Login works fine, but if there's a problem during the validate callback -- for example, we have some kind of database error trying to create a profile for the user after successful login with the SSO provider -- we throw an exception, and the end result is that the browser winds up displaying a 500-status plain text JSON response (something like {"message": "Internal server error"}), instead of the 302 redirect to our application home page they would see after successful login. We'd like to send the user to a "friendlier" error page when this happens.

We found this old issue which directed the user to this Discord, but I didn't see any related posts in site search. Based on these docs, I think if we could configure those two passport options (failureRedirect and failureMessage) it would probably serve our needs, but I don't know where to specify options to the authenticate call, or if that's even possible. We'd be happy to accept any other suggestions to address the problem.

> GitHub issue (linked above): How can I set failureRedirect option? I haven't seen anything in documentation and it's a crucial one.

#

Some bits of our auth-related code in case it helps:

```typescript
// Auth module
import { Module } from '@nestjs/common';
import { PassportModule } from '@nestjs/passport';

@Module({
  imports: [
    ConfigModule,
    PassportModule.register({ defaultStrategy: 'oidc', session: true }),
  ]
}) ....
```

```typescript
// Strategy implementation class
import { PassportStrategy } from '@nestjs/passport';
import { Client, Strategy, StrategyOptions, TokenSet, UserinfoResponse } from 'openid-client';

class OIDCStrategy extends PassportStrategy(Strategy, 'oidc') {
  constructor(
    // declared as a parameter property so that `this.client` exists in validate();
    // openid-client's Strategy keeps the client only on its own `_client` field
    private readonly client: Client,
    scope: string,
    private readonly userService: UserService,
  ) {
    super({
      client,
      params: {
        scope,
      },
      passReqToCallback: false,
    } satisfies StrategyOptions);
  }

  async validate(tokenset: TokenSet): Promise<ReqUser> {
    // See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
    const info: UserinfoResponse = await this.client.userinfo(tokenset);
    // Any exception thrown here (e.g. a database error) currently ends as a 500 response
    return this.userService.getOrCreateProfile(info);
  }
}
```

```typescript
// Auth route controller class...
import { Controller, Get, Res, UseGuards } from '@nestjs/common';
import { Response } from 'express';

  /** Last leg of OIDC workflow */
  @UseGuards(OIDCLoginGuard)
  // Note that all the callback handlers are actually the same thing, we just register a different login guard depending on app config
  @Get('callback')
  loginCallback(@Res() res: Response) {
    res.redirect('/');
  }
```
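Because @nestjs/passport's AuthGuard invokes passport.authenticate() with its own callback, passport's failureRedirect/failureMessage handling never runs: a validate() error is delivered to the guard's handleRequest(), whose default implementation rethrows it (hence the 500). The following is an added example, not code from the thread or from NestJS: a self-contained outcome mapper that a handleRequest() override can delegate to, with the Nest wiring shown in a comment; the error-page path, the reference-id format and the LoginFailed/LoginFailedFilter names are assumptions.

```typescript
// Models the (err, user, info) triple that @nestjs/passport hands to
// AuthGuard.handleRequest(): `err` is an exception thrown inside validate()
// (the profile-creation DB error from the question), `user` is false when the
// strategy itself reported failure, and `info` then carries its reason.
export type LoginOutcome =
  | { kind: 'ok'; user: unknown }
  | { kind: 'redirect'; location: string; logLine: string };

// Assumed path of the friendly error page served by the application.
export const LOGIN_ERROR_PAGE = '/login-error';

function describeCause(value: unknown): string {
  if (value instanceof Error) return `${value.name}: ${value.message}`;
  if (value && typeof value === 'object' && 'message' in value) {
    return String((value as { message: unknown }).message);
  }
  return String(value ?? 'no user returned');
}

// Decides what the login callback should do. The real cause stays in the server
// log under a short correlation id; only that id reaches the browser, so database
// or provider details never leak into the redirect URL.
export function resolveLogin(err: unknown, user: unknown, info?: unknown): LoginOutcome {
  if (!err && user) return { kind: 'ok', user };
  const ref = Math.random().toString(36).slice(2, 10); // correlation id, not a secret
  const cause = err ? describeCause(err) : `strategy failure: ${describeCause(info)}`;
  return {
    kind: 'redirect',
    location: `${LOGIN_ERROR_PAGE}?ref=${encodeURIComponent(ref)}`,
    logLine: `login failed ref=${ref} cause=${cause}`,
  };
}

/* Wiring into the guard from the question (needs @nestjs/common, @nestjs/passport
 * and express; kept as a comment so this file runs without them):
 *
 *   export class LoginFailed extends Error { constructor(public location: string) { super(); } }
 *
 *   @Injectable()
 *   export class OIDCLoginGuard extends AuthGuard('oidc') {
 *     private readonly logger = new Logger(OIDCLoginGuard.name);
 *     handleRequest(err: unknown, user: unknown, info: unknown) {
 *       const outcome = resolveLogin(err, user, info);
 *       if (outcome.kind === 'ok') return outcome.user;
 *       this.logger.error(outcome.logLine);
 *       throw new LoginFailed(outcome.location); // default handleRequest rethrows err -> 500
 *     }
 *   }
 *
 *   @Catch(LoginFailed)
 *   export class LoginFailedFilter implements ExceptionFilter {
 *     catch(e: LoginFailed, host: ArgumentsHost) {
 *       host.switchToHttp().getResponse<Response>().redirect(e.location);
 *     }
 *   }
 *   // and on the controller: @UseFilters(LoginFailedFilter) next to @UseGuards(OIDCLoginGuard)
 */
```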