By: Ha Ro user 01 Jul 2020 at 7:41 a.m. CDT

3 Responses
I'm trying to figure out how to stop Gluu user attributes from being overwritten. It is okay to update a field if it is empty, but otherwise I don't want it overwritten. And if the user doesn't exist in Gluu, then do not create a new user; just give a "user not found" error instead. Desired: the user clicks the External Providers login link (Discord). They authorize the Gluu/Discord app. If the user already exists on the Gluu server, the discordUid is updated in the Gluu user's custom attribute. If the user does not exist on the Gluu server, they receive an intelligible "User Not Found" error rather than a generic "error". Do _not_ create a new user if the user does not already exist in Gluu. What is actually happening: for an existing user, not only is the discordUid getting updated (desired), the fname and lname of the Gluu user are also being overwritten with the Discord data (undesired). Additionally, if the user doesn't exist in Gluu, a new user is created in Gluu (undesired), instead of not creating a user and just providing an intelligible "User Not Found" error.
# .../auth/discord.js: ``` var passport = require('passport'); var DiscordStrategy = require('passport-discord').Strategy; var setCredentials = function(credentials) { var callbackURL = global.applicationHost.concat("/passport/auth/discord/callback"); passport.use(new DiscordStrategy({ clientID: credentials.clientID, clientSecret: credentials.clientSecret, callbackURL: callbackURL, profileFields: ['id', 'name', 'displayName', 'email'] }, function(accessToken, refreshToken, profile, done) { var userProfile = { id: profile.username || profile.id || "", name: profile.displayName || profile.username || "", username: profile.username || "", email: profile.email || "", givenName: profile.username || "", familyName: profile.username || "", provider: "discord", discordUid: profile.id || "" }; return done(null, userProfile); } )); }; module.exports = { passport: passport, setCredentials: setCredentials }; ``` # ..../auth/configureStrategies.js ``` var DiscordStrategy = require('./discord'); var FacebookStrategy = require('./facebook'); var GitHubStrategy = require('./github'); var GoogleStrategy = require('./google'); var LinkedinStrategy = require('./linkedin'); var TumblrStrategy = require('./tumblr'); var TwitterStrategy = require('./twitter'); var YahooStrategy = require('./yahoo'); var DropboxOAuth2Strategy = require('./dropbox'); var OIDCStrategy = require('./openidconnect') var SamlStrategy = require("./saml"); var logger = require("../utils/logger") exports.setConfigurations = function(data){ SamlStrategy.setCredentials(); if (data &amp;&amp; data.passportStrategies) { //DiscordStrategy added by Hawke if (data.passportStrategies.discord) { logger.log2('info', 'Discord Strategy details received') DiscordStrategy.setCredentials(data.passportStrategies.discord) } //FacebookStrategy if (data.passportStrategies.facebook) { logger.log2('info', 'Facebook Strategy details received') FacebookStrategy.setCredentials(data.passportStrategies.facebook) } //GitHubStrategy if 
(data.passportStrategies.github) { logger.log2('info', 'Github Strategy details received') GitHubStrategy.setCredentials(data.passportStrategies.github) } //DropboxOAuth2Strategy if (data.passportStrategies.dropbox) { logger.log2('info', 'DropboxOAuth2 Strategy details received') DropboxOAuth2Strategy.setCredentials(data.passportStrategies.dropbox) } //GoogleStrategy if (data.passportStrategies.google) { logger.log2('info', 'Google Strategy details received') GoogleStrategy.setCredentials(data.passportStrategies.google) } //LinkedinStrategy if (data.passportStrategies.linkedin) { logger.log2('info', 'LinkedIn Strategy details received') LinkedinStrategy.setCredentials(data.passportStrategies.linkedin) } //TumblrStrategy if (data.passportStrategies.tumblr) { logger.log2('info', 'Tumblr Strategy details received') TumblrStrategy.setCredentials(data.passportStrategies.tumblr) } //TwitterStrategy if (data.passportStrategies.twitter) { logger.log2('info', 'Twitter Strategy details received') TwitterStrategy.setCredentials(data.passportStrategies.twitter) } //YahooStrategy if (data.passportStrategies.yahoo) { logger.log2('info', 'Yahoo Strategy details received') YahooStrategy.setCredentials(data.passportStrategies.yahoo) } //OIDCStrategy if (data.passportStrategies.openidconnect) { logger.log2('info', 'OIDC details received') OIDCStrategy.setCredentials(data.passportStrategies.openidconnect) } //SamlStrategy if (data.passportStrategies.saml) { logger.log2('info', 'Saml Strategy details received') } } else { logger.log2('error', 'Error in getting data: %s', JSON.stringify(err)) } }; ``` # ....//server/extra-passport-params.js ``` var DiscordStrategy = require('./discord'); var FacebookStrategy = require('./facebook'); var GitHubStrategy = require('./github'); var GoogleStrategy = require('./google'); var LinkedinStrategy = require('./linkedin'); var TumblrStrategy = require('./tumblr'); var TwitterStrategy = require('./twitter'); var YahooStrategy = require('./yahoo'); 
var DropboxOAuth2Strategy = require('./dropbox'); var OIDCStrategy = require('./openidconnect') var SamlStrategy = require("./saml"); var logger = require("../utils/logger") exports.setConfigurations = function(data){ SamlStrategy.setCredentials(); if (data &amp;&amp; data.passportStrategies) { //DiscordStrategy added by Hawke if (data.passportStrategies.discord) { logger.log2('info', 'Discord Strategy details received') DiscordStrategy.setCredentials(data.passportStrategies.discord) } //FacebookStrategy if (data.passportStrategies.facebook) { logger.log2('info', 'Facebook Strategy details received') FacebookStrategy.setCredentials(data.passportStrategies.facebook) } //GitHubStrategy if (data.passportStrategies.github) { logger.log2('info', 'Github Strategy details received') GitHubStrategy.setCredentials(data.passportStrategies.github) } //DropboxOAuth2Strategy if (data.passportStrategies.dropbox) { logger.log2('info', 'DropboxOAuth2 Strategy details received') DropboxOAuth2Strategy.setCredentials(data.passportStrategies.dropbox) } //GoogleStrategy if (data.passportStrategies.google) { logger.log2('info', 'Google Strategy details received') GoogleStrategy.setCredentials(data.passportStrategies.google) } //LinkedinStrategy if (data.passportStrategies.linkedin) { logger.log2('info', 'LinkedIn Strategy details received') LinkedinStrategy.setCredentials(data.passportStrategies.linkedin) } //TumblrStrategy if (data.passportStrategies.tumblr) { logger.log2('info', 'Tumblr Strategy details received') TumblrStrategy.setCredentials(data.passportStrategies.tumblr) } //TwitterStrategy if (data.passportStrategies.twitter) { logger.log2('info', 'Twitter Strategy details received') TwitterStrategy.setCredentials(data.passportStrategies.twitter) } //YahooStrategy if (data.passportStrategies.yahoo) { logger.log2('info', 'Yahoo Strategy details received') YahooStrategy.setCredentials(data.passportStrategies.yahoo) } //OIDCStrategy if (data.passportStrategies.openidconnect) { 
logger.log2('info', 'OIDC details received') OIDCStrategy.setCredentials(data.passportStrategies.openidconnect) } //SamlStrategy if (data.passportStrategies.saml) { logger.log2('info', 'Saml Strategy details received') } } else { logger.log2('error', 'Error in getting data: %s', JSON.stringify(err)) } }; ``` # ..../routes/index.js ``` var express = require('express'); var router = express.Router(); var jwt = require('jsonwebtoken'); var util = require('util') var passportLinkedIn = require('../auth/linkedin').passport; var passportGithub = require('../auth/github').passport; var passportTwitter = require('../auth/twitter').passport; var passportDiscord = require('../auth/discord').passport; var passportFacebook = require('../auth/facebook').passport; var passportTumblr = require('../auth/tumblr').passport; var passportYahoo = require('../auth/yahoo').passport; var passportGoogle = require('../auth/google').passport; var passportWindowsLive = require('../auth/windowslive').passport; var passportDropbox = require('../auth/dropbox').passport; var passportSAML = require('../auth/saml').passport; var passportOIDC = require('../auth/openidconnect').passport var fs = require('fs'); var uuid = require('uuid'); var logger = require("../utils/logger") var misc = require('../utils/misc') var openid = require('../openid/openid') var validateToken = function (req, res, next) { var token = req.body &amp;&amp; req.body.token || req.params &amp;&amp; req.params.token || req.headers['x-access-token']; if (token) { // verifies secret and checks expiration of token jwt.verify(token, global.applicationSecretKey, function (err, decoded) { if (err) { return res.json({ success: false, message: 'Failed to authenticate token.' 
}); } else { // if everything is good, save to request for use in other routes req.decoded = decoded; return next(); } }); } else { // if there is no token, return an error return res.redirect(global.config.applicationStartpoint + '?failure=No token provided'); } }; var casaCallback = function (req, res) { var provider = req.params.provider res.cookie('casa-' + provider, req.decoded.exp, { httpOnly: true, maxAge: 120000, //2min expiration secure: true }) var obj switch (provider) { case 'github': obj = passportGithub break case 'twitter': obj = passportTwitter break case 'discord': obj = passportDiscord break case 'facebook': obj = passportFacebook break case 'tumblr': obj = passportTumblr break case 'yahoo': obj = passportYahoo break case 'google': obj = passportGoogle break case 'windowslive': obj = passportWindowsLive break case 'dropbox': obj = passportDropbox break case 'openidconnect': obj = passportOIDC break } if (!obj &amp;&amp; (provider in global.saml_config)) { obj = passportSAML } var lurl = '/casa/rest/pl/account-linking/idp-linking' if (!obj) { res.redirect(util.format('%s?failure=Provider %s not recognized in passport-casa mapping', lurl, provider)) } else { logger.log2('verbose', 'At casaCallback, proceeding with linking procedure for provider %s', provider) obj.authenticate(provider, { failureRedirect: util.format('%s?failure=An error occurred triggering authentication for %s', lurl, provider) } )(req,res) } } var callbackResponse = function (req, res) { if (!req.user) { return res.redirect(global.config.applicationStartpoint + '?failure=Unauthorized'); } var provider = req.params.providerKey || req.user.provider var postUrl if (req.cookies['casa-' + provider]) { postUrl = '/casa/rest/pl/account-linking/idp-linking/' + encodeURIComponent(provider) } else { postUrl = global.config.applicationEndpoint } var subject = req.user.id logger.log2('info', 'User authenticated with userid "%s" and strategy "%s"', subject, provider) var now = new 
Date().getTime() var jwt = misc.getJWT({ iss: postUrl, sub: subject, aud: global.config.clientId, jti: uuid(), exp: now / 1000 + 30, iat: now, data: req.user }) logger.log2('debug', 'Preparing to send user data to: %s with JWT=%s', postUrl, jwt) var response_body = ` &lt;html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"&gt; &lt;head&gt; &lt;/head&gt; &lt;body onload="document.forms[0].submit()"&gt; &lt;noscript&gt; &lt;p&gt; <strong>Note:</strong> Since your browser does not support JavaScript, you must press the Continue button once to proceed. &lt;/p&gt; &lt;/noscript&gt; &lt;form action="${postUrl}" method="post"&gt; &lt;div&gt; &lt;input type="hidden" name="user" value="${jwt}"/&gt; &lt;noscript&gt; &lt;input type="submit" value="Continue"/&gt; &lt;/noscript&gt; &lt;/div&gt; &lt;/form&gt; &lt;/body&gt; &lt;/html&gt; ` res.set('content-type', 'text/html;charset=UTF-8'); return res.send(response_body); }; var callbackAuthzResponse = function (req, res) { logger.log2('verbose', "callbackAuthzResponse. Entry point") if (!req.user) { return res.redirect(global.config.applicationStartpoint + '?failure=Unauthorized'); } var provider = req.user.providerKey var user = req.user var subject = user.id logger.log2('info', 'User authenticated with userid "%s" and strategy "%s"', subject, provider) logger.log2('verbose', 'callbackAuthzResponse. 
Full req is\n%s', util.inspect(req, {showHidden: false, depth: 2})) var idp_initiated_config = global.saml_idp_init_config[provider] logger.log2('verbose', 'Using inboung IDP config: %s', JSON.stringify(idp_initiated_config)) if (idp_initiated_config) { client = idp_initiated_config['openid_client'] authorization_params = idp_initiated_config['authorization_params'] // Cache authorization_endpoint authorization_endpoint = undefined if (idp_initiated_config[provider]) { authorization_endpoint = idp_initiated_config[provider] logger.log2('debug', 'Get cached authorization_endpoint: %s', authorization_endpoint) redirectToAuthorizationEndpoint(res, client, authorization_endpoint, authorization_params, user) } else { openid.getAuthorizationEndpoint(client['server_uri']) .then(authorization_endpoint =&gt; { logger.log2('debug', 'Get authorization_endpoint: %s', authorization_endpoint) idp_initiated_config[provider] = authorization_endpoint redirectToAuthorizationEndpoint(res, client, authorization_endpoint, authorization_params, user) }) } } else { return res.redirect(util.format('%s?failure=Unknown IDP %s or service provider %s', global.config.applicationStartpoint, provider, "")) } }; function redirectToAuthorizationEndpoint(res, client, authorization_endpoint, authorization_params, user) { logger.log2('debug', 'Call to redirectToAuthorizationEndpoint') var subject = user.id var now = new Date().getTime() var jwt = misc.getJWT({ iss: client['server_uri'], sub: subject, aud: authorization_params['client_id'], jti: uuid(), exp: now / 1000 + 30, iat: now, data: user }) logger.log2('debug', 'Preparing to send authorization request with user data to: %s with JWT=%s', authorization_endpoint, jwt) authorization_params_cloned = JSON.parse(JSON.stringify(authorization_params)) authorization_params_cloned['state'] = jwt authorization_url = openid.getAuthorizationUrl(authorization_endpoint, authorization_params_cloned) res.set('content-type', 'text/html;charset=UTF-8'); return 
res.redirect(authorization_url); } router.get('/', function (req, res, next) { res.render('index', { title: 'Node-Passport' }); }); router.get('/login', function (req, res, next) { res.redirect(global.config.applicationStartpoint + '?failure=An error occurred'); }); router.get('/casa/:provider/:token', validateToken, casaCallback) //=================== linkedin ================= router.get('/auth/linkedin/callback', passportLinkedIn.authenticate('linkedin', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/linkedin/:token', validateToken, passportLinkedIn.authenticate('linkedin')); //===================== github ================= router.get('/auth/github/callback', passportGithub.authenticate('github', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/github/:token', validateToken, passportGithub.authenticate('github', { scope: ['user:email'] })); //==================== twitter ================= router.use('/auth/twitter/callback', passportTwitter.authenticate('twitter', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/twitter/:token', validateToken, passportTwitter.authenticate('twitter')); //=============discord added by hawke ========== router.get('/auth/discord/callback', passportDiscord.authenticate('discord', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/discord/:token', validateToken, passportDiscord.authenticate('discord', { scope: ['identify', 'email'] })); //==================== facebook ================ router.get('/auth/facebook/callback', passportFacebook.authenticate('facebook', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/facebook/:token', validateToken, passportFacebook.authenticate('facebook', { scope: ['email'] })); //===================== tumblr ================= router.get('/auth/tumblr/callback', passportTumblr.authenticate('tumblr', { failureRedirect: '/passport/login' }), callbackResponse); 
router.get('/auth/tumblr/:token', validateToken, passportTumblr.authenticate('tumblr')); //===================== yahoo ================= router.get('/auth/yahoo/callback', passportYahoo.authenticate('yahoo', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/yahoo/:token', validateToken, passportYahoo.authenticate('yahoo')); //===================== google ================= router.get('/auth/google/callback', passportGoogle.authenticate('google', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/google/:token', validateToken, passportGoogle.authenticate('google', { scope: ['profile', 'email'] })); //================== windowslive =============== router.get('/auth/windowslive/callback', passportWindowsLive.authenticate('windowslive', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/windowslive/:token', validateToken, passportWindowsLive.authenticate('windowslive')); //================== dropbox ================== router.get('/auth/dropbox/callback', passportDropbox.authenticate('dropbox-oauth2', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/dropbox/:token', validateToken, passportDropbox.authenticate('dropbox-oauth2')); //=================== OIDC =================== router.get('/auth/openidconnect/callback', var express = require('express'); var router = express.Router(); var jwt = require('jsonwebtoken'); var util = require('util') var passportLinkedIn = require('../auth/linkedin').passport; var passportGithub = require('../auth/github').passport; var passportTwitter = require('../auth/twitter').passport; var passportDiscord = require('../auth/discord').passport; var passportFacebook = require('../auth/facebook').passport; var passportTumblr = require('../auth/tumblr').passport; callbackResponse); root@wbau1:/opt/gluu/node/passport/server/routes# cat index.js var express = require('express'); var router = express.Router(); var jwt = 
require('jsonwebtoken'); var util = require('util') var passportLinkedIn = require('../auth/linkedin').passport; var passportGithub = require('../auth/github').passport; var passportTwitter = require('../auth/twitter').passport; var passportDiscord = require('../auth/discord').passport; var passportFacebook = require('../auth/facebook').passport; var passportTumblr = require('../auth/tumblr').passport; var passportYahoo = require('../auth/yahoo').passport; var passportGoogle = require('../auth/google').passport; var passportWindowsLive = require('../auth/windowslive').passport; var passportDropbox = require('../auth/dropbox').passport; var passportSAML = require('../auth/saml').passport; var passportOIDC = require('../auth/openidconnect').passport var fs = require('fs'); var uuid = require('uuid'); var logger = require("../utils/logger") var misc = require('../utils/misc') var openid = require('../openid/openid') var validateToken = function (req, res, next) { var token = req.body &amp;&amp; req.body.token || req.params &amp;&amp; req.params.token || req.headers['x-access-token']; if (token) { // verifies secret and checks expiration of token jwt.verify(token, global.applicationSecretKey, function (err, decoded) { if (err) { return res.json({ success: false, message: 'Failed to authenticate token.' 
}); } else { // if everything is good, save to request for use in other routes req.decoded = decoded; return next(); } }); } else { // if there is no token, return an error return res.redirect(global.config.applicationStartpoint + '?failure=No token provided'); } }; var casaCallback = function (req, res) { var provider = req.params.provider res.cookie('casa-' + provider, req.decoded.exp, { httpOnly: true, maxAge: 120000, //2min expiration secure: true }) var obj switch (provider) { case 'github': obj = passportGithub break case 'twitter': obj = passportTwitter break case 'discord': obj = passportDiscord break case 'facebook': obj = passportFacebook break case 'tumblr': obj = passportTumblr break case 'yahoo': obj = passportYahoo break case 'google': obj = passportGoogle break case 'windowslive': obj = passportWindowsLive break case 'dropbox': obj = passportDropbox break case 'openidconnect': obj = passportOIDC break } if (!obj &amp;&amp; (provider in global.saml_config)) { obj = passportSAML } var lurl = '/casa/rest/pl/account-linking/idp-linking' if (!obj) { res.redirect(util.format('%s?failure=Provider %s not recognized in passport-casa mapping', lurl, provider)) } else { logger.log2('verbose', 'At casaCallback, proceeding with linking procedure for provider %s', provider) obj.authenticate(provider, { failureRedirect: util.format('%s?failure=An error occurred triggering authentication for %s', lurl, provider) } )(req,res) } } var callbackResponse = function (req, res) { if (!req.user) { return res.redirect(global.config.applicationStartpoint + '?failure=Unauthorized'); } var provider = req.params.providerKey || req.user.provider var postUrl if (req.cookies['casa-' + provider]) { postUrl = '/casa/rest/pl/account-linking/idp-linking/' + encodeURIComponent(provider) } else { postUrl = global.config.applicationEndpoint } var subject = req.user.id logger.log2('info', 'User authenticated with userid "%s" and strategy "%s"', subject, provider) var now = new 
Date().getTime() var jwt = misc.getJWT({ iss: postUrl, sub: subject, aud: global.config.clientId, jti: uuid(), exp: now / 1000 + 30, iat: now, data: req.user }) logger.log2('debug', 'Preparing to send user data to: %s with JWT=%s', postUrl, jwt) var response_body = ` &lt;html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"&gt; &lt;head&gt; &lt;/head&gt; &lt;body onload="document.forms[0].submit()"&gt; &lt;noscript&gt; &lt;p&gt; <strong>Note:</strong> Since your browser does not support JavaScript, you must press the Continue button once to proceed. &lt;/p&gt; &lt;/noscript&gt; &lt;form action="${postUrl}" method="post"&gt; &lt;div&gt; &lt;input type="hidden" name="user" value="${jwt}"/&gt; &lt;noscript&gt; &lt;input type="submit" value="Continue"/&gt; &lt;/noscript&gt; &lt;/div&gt; &lt;/form&gt; &lt;/body&gt; &lt;/html&gt; ` res.set('content-type', 'text/html;charset=UTF-8'); return res.send(response_body); }; var callbackAuthzResponse = function (req, res) { logger.log2('verbose', "callbackAuthzResponse. Entry point") if (!req.user) { return res.redirect(global.config.applicationStartpoint + '?failure=Unauthorized'); } var provider = req.user.providerKey var user = req.user var subject = user.id logger.log2('info', 'User authenticated with userid "%s" and strategy "%s"', subject, provider) logger.log2('verbose', 'callbackAuthzResponse. 
Full req is\n%s', util.inspect(req, {showHidden: false, depth: 2})) var idp_initiated_config = global.saml_idp_init_config[provider] logger.log2('verbose', 'Using inboung IDP config: %s', JSON.stringify(idp_initiated_config)) if (idp_initiated_config) { client = idp_initiated_config['openid_client'] authorization_params = idp_initiated_config['authorization_params'] // Cache authorization_endpoint authorization_endpoint = undefined if (idp_initiated_config[provider]) { authorization_endpoint = idp_initiated_config[provider] logger.log2('debug', 'Get cached authorization_endpoint: %s', authorization_endpoint) redirectToAuthorizationEndpoint(res, client, authorization_endpoint, authorization_params, user) } else { openid.getAuthorizationEndpoint(client['server_uri']) .then(authorization_endpoint =&gt; { logger.log2('debug', 'Get authorization_endpoint: %s', authorization_endpoint) idp_initiated_config[provider] = authorization_endpoint redirectToAuthorizationEndpoint(res, client, authorization_endpoint, authorization_params, user) }) } } else { return res.redirect(util.format('%s?failure=Unknown IDP %s or service provider %s', global.config.applicationStartpoint, provider, "")) } }; function redirectToAuthorizationEndpoint(res, client, authorization_endpoint, authorization_params, user) { logger.log2('debug', 'Call to redirectToAuthorizationEndpoint') var subject = user.id var now = new Date().getTime() var jwt = misc.getJWT({ iss: client['server_uri'], sub: subject, aud: authorization_params['client_id'], jti: uuid(), exp: now / 1000 + 30, iat: now, data: user }) logger.log2('debug', 'Preparing to send authorization request with user data to: %s with JWT=%s', authorization_endpoint, jwt) authorization_params_cloned = JSON.parse(JSON.stringify(authorization_params)) authorization_params_cloned['state'] = jwt authorization_url = openid.getAuthorizationUrl(authorization_endpoint, authorization_params_cloned) res.set('content-type', 'text/html;charset=UTF-8'); return 
res.redirect(authorization_url); } router.get('/', function (req, res, next) { res.render('index', { title: 'Node-Passport' }); }); router.get('/login', function (req, res, next) { res.redirect(global.config.applicationStartpoint + '?failure=An error occurred'); }); router.get('/casa/:provider/:token', validateToken, casaCallback) //=================== linkedin ================= router.get('/auth/linkedin/callback', passportLinkedIn.authenticate('linkedin', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/linkedin/:token', validateToken, passportLinkedIn.authenticate('linkedin')); //===================== github ================= router.get('/auth/github/callback', passportGithub.authenticate('github', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/github/:token', validateToken, passportGithub.authenticate('github', { scope: ['user:email'] })); //==================== twitter ================= router.use('/auth/twitter/callback', passportTwitter.authenticate('twitter', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/twitter/:token', validateToken, passportTwitter.authenticate('twitter')); //=============discord added by hawke ========== router.get('/auth/discord/callback', passportDiscord.authenticate('discord', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/discord/:token', validateToken, passportDiscord.authenticate('discord', { scope: ['identify', 'email'] })); //==================== facebook ================ router.get('/auth/facebook/callback', passportFacebook.authenticate('facebook', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/facebook/:token', validateToken, passportFacebook.authenticate('facebook', { scope: ['email'] })); //===================== tumblr ================= router.get('/auth/tumblr/callback', passportTumblr.authenticate('tumblr', { failureRedirect: '/passport/login' }), callbackResponse); 
router.get('/auth/tumblr/:token', validateToken, passportTumblr.authenticate('tumblr')); //===================== yahoo ================= router.get('/auth/yahoo/callback', passportYahoo.authenticate('yahoo', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/yahoo/:token', validateToken, passportYahoo.authenticate('yahoo')); //===================== google ================= router.get('/auth/google/callback', passportGoogle.authenticate('google', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/google/:token', validateToken, passportGoogle.authenticate('google', { scope: ['profile', 'email'] })); //================== windowslive =============== router.get('/auth/windowslive/callback', passportWindowsLive.authenticate('windowslive', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/windowslive/:token', validateToken, passportWindowsLive.authenticate('windowslive')); //================== dropbox ================== router.get('/auth/dropbox/callback', passportDropbox.authenticate('dropbox-oauth2', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/dropbox/:token', validateToken, passportDropbox.authenticate('dropbox-oauth2')); //=================== OIDC =================== router.get('/auth/openidconnect/callback', passportOIDC.authenticate('openidconnect', { failureRedirect: '/passport/login' }), callbackResponse); router.get('/auth/openidconnect/:token', validateToken, passportOIDC.authenticate('openidconnect')) //===================saml ==================== var entitiesJSON = global.saml_config; for (key in entitiesJSON) { if (entitiesJSON[key].cert &amp;&amp; entitiesJSON[key].cert.length &gt; 5 &amp;&amp; entitiesJSON[key].enable.match("true")) { router.post('/auth/saml/' + key + '/callback', passportSAML.authenticate(key, { failureRedirect: '/passport/login' }), callbackResponse); router.post('/auth/saml/' + key + '/callback/inbound', 
passportSAML.authenticate(key, { failureRedirect: '/passport/login' }), callbackAuthzResponse); router.get('/auth/saml/' + key + '/:token', validateToken, passportSAML.authenticate(key)); } else { router.get('/auth/saml/' + key + '/:token', validateToken, function (req, res) { err = { message: "cert param is required to validate signature of saml assertions response" }; logger.log2('error', 'Cert Error: %s', JSON.stringify(err)) res.status(400).send("Internal Error"); }); } } router.get('/auth/meta/idp/:idp', function (req, res) { var idp = req.params.idp; logger.log2('verbose', 'Metadata request for %s', idp); fs.readFile(__dirname + '/../idp-metadata/' + idp + '.xml', (e, data) =&gt; { if (e) { res.status(404).send("Internal Error") } else { res.status(200).set('Content-Type', 'text/xml').send(String(data)) } }) }); //======== catch 404 and forward to login ======== router.all('/*', function (req, res, next) { var err = new Error('Not Found'); err.status = 404; res.redirect(global.config.applicationStartpoint + '?failure=The requested resource does not exists!'); }); module.exports = router ``` I keep trying to remove some of the fields from the discord.js, but that completely breaks it, so I'm doing something wrong either with the syntax in there, or it is being expected in some other area? I also try tweaking the fields/attributes listed in the Manage Custom Scripts &gt; Person Authentication &gt; passport_social, but any changes I make there break it as well. Any ideas where I'm missing this? Anything else I need to post to make this usefully intelligible? Thanks! Thanks!

By Ha Ro user 01 Jul 2020 at 9:50 a.m. CDT

Figured out the "clobbering": I need to remove the listed fields in both passport_saml AND passport_social. For example: generic_local_attributes_list: uid, mail, cn, displayName, givenName, sn, provider, discordUid and generic_remote_attributes_list: username, email, name, name, givenName, familyName, provider, discordUid; AND passport_saml: generic_local_attributes_list: uid, mail, cn, displayName, givenName, sn, provider and generic_remote_attributes_list: username, email, name, name, givenName, familyName, provider. That seems to work, though I don't know what best practice should be, and would appreciate guidance if there is a better way to do this. Now to figure out how to prevent it from creating new users (only allow updates of existing users; do not allow creating new users from the Discord app).

By Ha Ro user 01 Jul 2020 at 9:59 a.m. CDT

So for the desired behaviour of checking for existing users without creating a new user, is that in the Manage Authentication > Passport Support > Strategy section? Or somewhere else? Currently all I have for this discord.js strategy are the following fields: clientID, clientSecret, logo_img, emailLinkingSafe (true). Is there a variable I can add and set to a boolean to prevent creating a new user if one does not already exist, while still allowing updates of an existing user? I keep trying to find the relevant docs for the 3.1.6 version, but the links in the docs for the details on this topic keep being broken; for example: https://www.gluu.org/docs/gluu-server/3.1.6/admin-guide/user-management/local-user-management#user-registration is a 404.

By Ha Ro user 02 Jul 2020 at 9:26 a.m. CDT

I'll go ahead and post the "prevent passport from creating new users" question as a new post, since it is a different issue. I'll close this one out as solved.