Ory Hydra Authorization Code Exchange => access token Use openid-client
https://github.com/panva/node-openid-client/tree/v2.x
Important! WARNING: Node.js 12 or higher is required for openid-client@3 and above. For older Node.js versions use openid-client@2.
So watch https://github.com/panva/node-openid-client/tree/v2.x
node.js package use “openid-client”: “2.5.0”,
client.authorizationCallback have bug, nonce mismatch always have this error even see https://github.com/panva/node-openid-client/issues/150
Correct way
see if (params.code) { Can know use grant
https://github.com/panva/node-openid-client/tree/v2.x#custom-token-endpoint-grants
const hydraconfig= {
"oidurl": "https://openid.hydra:9001",
"redirectUri": "https://t.tt:9010/callback",
"clientid": "auth-code-client",
"clientsecretid": "secret"
}
//openid-client================
const { Issuer } = require('openid-client')
const hydraIssuer = await Issuer.discover(hydraconfig.oidurl) // => Promise
.then(function (hydradiscoverIssuer) {
console.log('Discovered issuer %s %O', hydradiscoverIssuer.issuer, hydradiscoverIssuer.metadata);
return hydradiscoverIssuer
});
const client = new hydraIssuer.Client({
client_id: hydraconfig.clientid,
client_secret: hydraconfig.clientsecretid
});
var tokenset = await client.grant({
grant_type: 'authorization_code',
code: code,
redirect_uri: hydraconfig.redirectUri,
code_verifier: '', //No value, because real use in Hydra login-consent. Not use client.authorizationUrl or client.authorizationPost
});
console.log(tokenset)
