OAuth1 to OAuth2

Author: simonredfern

package-lock.json

@@ -6,7 +6,7 @@
     "jest"
   ],
   "scripts": {
-    "dev": "vite & ts-node server/app.ts",
+    "dev": "vite & tsx --tsconfig tsconfig.server.json server/app.ts",
     "build": "run-p build-only",
     "build-server": "tsc --project tsconfig.server.json",
     "preview": "vite preview",
@@ -41,7 +41,6 @@
     "langchain": "^0.3.19",
     "markdown-it": "^14.1.0",
     "node-fetch": "^2.6.7",
-    "oauth": "^0.10.0",
     "obp-api-typescript": "^1.0.1",
     "obp-typescript": "^1.0.36",
     "pinia": "^2.0.37",
@@ -92,6 +91,7 @@
     "supertest": "^7.0.0",
     "ts-jest": "^29.2.5",
     "ts-node": "^10.9.1",
+    "tsx": "^4.20.6",
     "typescript": "~5.2.2",
     "unplugin-auto-import": "^0.18.0",
     "unplugin-element-plus": "^0.8.0",

package.json

@@ -34,9 +34,14 @@ import express, { Application } from 'express'
 import { useExpressServer, useContainer } from 'routing-controllers'
 import { Container } from 'typedi'
 import path from 'path'
+import { fileURLToPath } from 'url'
 import { execSync } from 'child_process'
 import { OAuth2Service } from './services/OAuth2Service'
 
+// Fix __dirname for ESM/tsx compatibility
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+
 const port = 8085
 const app: Application = express()
 
@@ -109,41 +114,34 @@ useContainer(Container)
 
 // Initialize OAuth2 Service
 console.log(`--- OAuth2/OIDC setup -------------------------------------------`)
-const useOAuth2 = process.env.VITE_USE_OAUTH2 === 'true'
-console.log(`OAuth2/OIDC enabled: ${useOAuth2}`)
-
-if (useOAuth2) {
-  const wellKnownUrl = process.env.VITE_OBP_OAUTH2_WELL_KNOWN_URL
+const wellKnownUrl = process.env.VITE_OBP_OAUTH2_WELL_KNOWN_URL
 
-  if (!wellKnownUrl) {
-    console.warn('VITE_OBP_OAUTH2_WELL_KNOWN_URL not set. OAuth2 will not function.')
-  } else {
-    console.log(`OIDC Well-Known URL: ${wellKnownUrl}`)
-
-    // Get OAuth2Service from container
-    const oauth2Service = Container.get(OAuth2Service)
-
-    // Initialize OAuth2 service from OIDC discovery document
-    oauth2Service
-      .initializeFromWellKnown(wellKnownUrl)
-      .then(() => {
-        console.log('OAuth2Service: Initialization successful')
-        console.log('  Client ID:', process.env.VITE_OBP_OAUTH2_CLIENT_ID || 'NOT SET')
-        console.log('  Redirect URI:', process.env.VITE_OBP_OAUTH2_REDIRECT_URL || 'NOT SET')
-        console.log('OAuth2/OIDC ready for authentication')
-      })
-      .catch((error) => {
-        console.error('OAuth2Service: Initialization failed:', error.message)
-        console.error('OAuth2/OIDC authentication will not be available')
-        console.error('Please check:')
-        console.error('  1. OBP-OIDC server is running')
-        console.error('  2. VITE_OBP_OAUTH2_WELL_KNOWN_URL is correct')
-        console.error('  3. Network connectivity to OIDC provider')
-      })
-  }
+if (!wellKnownUrl) {
+  console.error('VITE_OBP_OAUTH2_WELL_KNOWN_URL not set. OAuth2 will not function.')
+  console.error('Please set this environment variable to continue.')
 } else {
-  console.log('OAuth2/OIDC is disabled. Using OAuth 1.0a authentication.')
-  console.log('To enable OAuth2, set VITE_USE_OAUTH2=true in environment')
+  console.log(`OIDC Well-Known URL: ${wellKnownUrl}`)
+
+  // Get OAuth2Service from container
+  const oauth2Service = Container.get(OAuth2Service)
+
+  // Initialize OAuth2 service from OIDC discovery document
+  oauth2Service
+    .initializeFromWellKnown(wellKnownUrl)
+    .then(() => {
+      console.log('OAuth2Service: Initialization successful')
+      console.log('  Client ID:', process.env.VITE_OBP_OAUTH2_CLIENT_ID || 'NOT SET')
+      console.log('  Redirect URI:', process.env.VITE_OBP_OAUTH2_REDIRECT_URL || 'NOT SET')
+      console.log('OAuth2/OIDC ready for authentication')
+    })
+    .catch((error) => {
+      console.error('OAuth2Service: Initialization failed:', error.message)
+      console.error('OAuth2/OIDC authentication will not be available')
+      console.error('Please check:')
+      console.error('  1. OBP-OIDC server is running')
+      console.error('  2. VITE_OBP_OAUTH2_WELL_KNOWN_URL is correct')
+      console.error('  3. Network connectivity to OIDC provider')
+    })
 }
 console.log(`-----------------------------------------------------------------`)
 

server/app.ts

@@ -28,7 +28,7 @@
 import { Controller, Session, Req, Res, Get } from 'routing-controllers'
 import { Request, Response } from 'express'
 import OBPClientService from '../services/OBPClientService'
-import OauthInjectedService from '../services/OauthInjectedService'
+
 import { Service } from 'typedi'
 import { OAuthConfig } from 'obp-typescript'
 import { commitId } from '../app'
@@ -43,10 +43,7 @@ export class StatusController {
     'stored_procedure_vDec2019',
     'rabbitmq_vOct2024'
   ]
-  constructor(
-    private obpClientService: OBPClientService,
-    private oauthInjectedService: OauthInjectedService
-  ) {}
+  constructor(private obpClientService: OBPClientService) {}
   @Get('/')
   async index(
     @Session() session: any,
@@ -55,7 +52,10 @@ export class StatusController {
   ): Response {
     const oauthConfig = session['clientConfig']
     const version = this.obpClientService.getOBPVersion()
-    const currentUser = await this.obpClientService.get(`/obp/${version}/users/current`, oauthConfig)
+    const currentUser = await this.obpClientService.get(
+      `/obp/${version}/users/current`,
+      oauthConfig
+    )
     const apiVersions = await this.checkApiVersions(oauthConfig, version)
     const messageDocs = await this.checkMessagDocs(oauthConfig, version)
     const resourceDocs = await this.checkResourceDocs(oauthConfig, version)
@@ -85,10 +85,7 @@ export class StatusController {
   async checkResourceDocs(oauthConfig: OAuthConfig, version: string): Promise<boolean> {
     try {
       const path = `/obp/${version}/resource-docs/${version}/obp`
-      const resourceDocs = await this.obpClientService.get(
-        path,
-        oauthConfig
-      )
+      const resourceDocs = await this.obpClientService.get(path, oauthConfig)
       return !this.isCodeError(resourceDocs, path)
     } catch (error) {
       return false
@@ -99,13 +96,7 @@ export class StatusController {
       const messageDocsCodeResult = await Promise.all(
         this.connectors.map(async (connector) => {
           const path = `/obp/${version}/message-docs/${connector}`
-          return !this.isCodeError(
-            await this.obpClientService.get(
-              path,
-              oauthConfig
-            ),
-            path
-          )
+          return !this.isCodeError(await this.obpClientService.get(path, oauthConfig), path)
         })
       )
       return messageDocsCodeResult.every((isCodeError: boolean) => isCodeError)

server/controllers/CallbackController.ts

@@ -28,20 +28,16 @@
 import { Controller, Session, Req, Res, Get } from 'routing-controllers'
 import { Request, Response } from 'express'
 import OBPClientService from '../services/OBPClientService'
-import OauthInjectedService from '../services/OauthInjectedService'
 import { Service } from 'typedi'
-import superagent from 'superagent'
 import { OAuth2Service } from '../services/OAuth2Service'
 
 @Service()
 @Controller('/user')
 export class UserController {
   private obpExplorerHome = process.env.VITE_OBP_API_EXPLORER_HOST
-  private useOAuth2 = process.env.VITE_USE_OAUTH2 === 'true'
 
   constructor(
     private obpClientService: OBPClientService,
-    private oauthInjectedService: OauthInjectedService,
     private oauth2Service: OAuth2Service
   ) {}
   @Get('/logoff')
@@ -52,11 +48,6 @@ export class UserController {
   ): Response {
     console.log('UserController: Logging out user')
 
-    // Clear OAuth 1.0a session data
-    this.oauthInjectedService.requestTokenKey = undefined
-    this.oauthInjectedService.requestTokenSecret = undefined
-    session['clientConfig'] = undefined
-
     // Clear OAuth2 session data
     delete session['oauth2_access_token']
     delete session['oauth2_refresh_token']
@@ -95,10 +86,9 @@ export class UserController {
     @Res() response: Response
   ): Response {
     console.log('UserController: Getting current user')
-    console.log('  OAuth2 enabled:', this.useOAuth2)
 
-    // Check OAuth2 session first (if OAuth2 is enabled)
-    if (this.useOAuth2 && session['oauth2_user']) {
+    // Check OAuth2 session
+    if (session['oauth2_user']) {
       console.log('UserController: Returning OAuth2 user info')
       const oauth2User = session['oauth2_user']
 
@@ -146,24 +136,8 @@ export class UserController {
       })
     }
 
-    // Fall back to OAuth 1.0a
-    console.log('UserController: Checking OAuth 1.0a session')
-    const oauthConfig = session['clientConfig']
-
-    if (!oauthConfig) {
-      console.log('UserController: No authentication session found')
-      return response.json({})
-    }
-
-    console.log('UserController: Returning OAuth 1.0a user info')
-    const version = this.obpClientService.getOBPVersion()
-
-    try {
-      const userData = await this.obpClientService.get(`/obp/${version}/users/current`, oauthConfig)
-      return response.json(userData)
-    } catch (error) {
-      console.error('UserController: Failed to get user from OBP API:', error)
-      return response.json({})
-    }
+    // No authentication session found
+    console.log('UserController: No authentication session found')
+    return response.json({})
   }
 }

server/controllers/ConnectController.ts

@@ -27,7 +27,7 @@
 
 import { ExpressMiddlewareInterface } from 'routing-controllers'
 import { Request, Response } from 'express'
-import { Service } from 'typedi'
+import { Service, Container } from 'typedi'
 import { OAuth2Service } from '../services/OAuth2Service'
 import { PKCEUtils } from '../utils/pkce'
 
@@ -58,7 +58,12 @@ import { PKCEUtils } from '../utils/pkce'
  */
 @Service()
 export default class OAuth2AuthorizationMiddleware implements ExpressMiddlewareInterface {
-  constructor(private oauth2Service: OAuth2Service) {}
+  private oauth2Service: OAuth2Service
+
+  constructor() {
+    // Explicitly get OAuth2Service from the container to avoid injection issues
+    this.oauth2Service = Container.get(OAuth2Service)
+  }
 
   /**
    * Handle the authorization request
@@ -69,7 +74,14 @@ export default class OAuth2AuthorizationMiddleware implements ExpressMiddlewareI
   async use(request: Request, response: Response): Promise<void> {
     console.log('OAuth2AuthorizationMiddleware: Starting OAuth2 authorization flow')
 
-    // Check if OAuth2 service is initialized
+    // Check if OAuth2 service exists and is initialized
+    if (!this.oauth2Service) {
+      console.error('OAuth2AuthorizationMiddleware: OAuth2 service is null/undefined')
+      return response
+        .status(500)
+        .send('OAuth2 service not available. Please check server configuration.')
+    }
+
     if (!this.oauth2Service.isInitialized()) {
       console.error('OAuth2AuthorizationMiddleware: OAuth2 service not initialized')
       return response
@@ -140,9 +152,7 @@ export default class OAuth2AuthorizationMiddleware implements ExpressMiddlewareI
       delete session['oauth2_flow_timestamp']
       delete session['oauth2_redirect_page']
 
-      return response
-        .status(500)
-        .send(`Failed to initiate OAuth2 flow: ${error.message}`)
+      return response.status(500).send(`Failed to initiate OAuth2 flow: ${error.message}`)
     }
   }
 }