PassportJS OAuth2Strategy: authenticate returns 400 instead of redirecting

I'm trying to set up Discord OAuth2 PKCE using passportjs and the passport-oauth2

const discordStrategy = new OAuth2Strategy({
  authorizationURL: 'https://discord.com/api/oauth2/authorize',
  tokenURL: 'https://discord.com/api/oauth2/token',
  clientID: DISCORD_CLIENT_ID,
  clientSecret: DISCORD_CLIENT_SECRET,
  callbackURL: DISCORD_CALLBACK_URL,
  state: true,
  pkce: true,
  scope: ['identity', 'scope'],
  passReqToCallback: true,
},
  (req: Request, accessToken: string, refreshToken: string, profile: DiscordUserProfile, cb: any) => {
    prisma.user.findUnique({ where: { email: profile.email ?? '' }}).then(foundUser => {
      if (foundUser === null) {
        // Create a new user with oauth identity.
      } else {
        cb(null, foundUser)
      }
    }).catch(error => {
      cb(error, null);
    })
  });

I've been following the Google example as well as some others; these examples indicate that I should be able to use:

passport.use('discord', discordStrategy);

and

authRouter.get('/discord', passport.authenticate('discord'));

and this should redirect to the OAuth2 provider's login page, but instead I get a 400 Bad Request "The request cannot be fulfilled due to bad syntax." The response body contains an object:

{"scope": ["0"]}

Why is this happening instead of the expected redirect?

My intention is that, once the user logs in, I should get a code, then I can post that code and the code verifier to get an access token, then once the access token is obtained, the actual authenticate call can be made.

Edit: I put breakpoints in the passport.authenticate function and stepped through it. It does actually get through everything and it calls the redirect. Even if I copy the parsed URL it generates and manually navigate to it, it gives me the same result:

{"scope": ["0"]}

and no login page, why?



Solution 1:[1]

If you add a version number to the base API URL, e.g. /v9, it gives a full error message.

It turned out I had typo'd the scopes: I had 'identity' instead of 'identify'. Now this part of the process is working as expected.
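
The typo in this thread only surfaced as an opaque 400 from the provider. As an added example (not part of the original question or answer, and not passport-oauth2 code), here is a startup check that rejects any scope outside the app's own allowlist and suggests the nearest allowed name. `ALLOWED_SCOPES`, `checkScopes` and `assertScopes` are hypothetical names, and the allowlist is assumed to hold only the scopes this app needs.

```javascript
// Added example: validate OAuth2 scopes before the strategy is constructed.
// ALLOWED_SCOPES is this app's own allowlist (an assumption), kept minimal.
const ALLOWED_SCOPES = ['identify', 'email'];

// Levenshtein edit distance, used to suggest the closest allowed scope.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const row = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(prev[j] + 1, row[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = row;
  }
  return prev[b.length];
}

// Returns one problem per rejected scope; an empty array means the list is fine.
function checkScopes(requested, allowed = ALLOWED_SCOPES) {
  const problems = [];
  for (const scope of requested) {
    // Scopes are space-delimited on the wire, so whitespace inside one is malformed.
    if (typeof scope !== 'string' || scope.trim() === '' || /\s/.test(scope)) {
      problems.push({ scope, reason: 'malformed', suggestion: null });
      continue;
    }
    if (allowed.includes(scope)) continue;
    // Suggest a near miss (distance <= 2) so a typo is obvious in the error.
    const [best] = allowed
      .map((name) => ({ name, d: editDistance(scope.toLowerCase(), name) }))
      .sort((x, y) => x.d - y.d);
    const suggestion = best && best.d <= 2 ? best.name : null;
    problems.push({ scope, reason: 'not allowed', suggestion });
  }
  return problems;
}

// Throws at startup instead of letting the provider reject the redirect.
function assertScopes(requested, allowed = ALLOWED_SCOPES) {
  const problems = checkScopes(requested, allowed);
  if (problems.length > 0) {
    const detail = problems
      .map((p) => `"${p.scope}" (${p.reason}${p.suggestion ? `, did you mean "${p.suggestion}"?` : ''})`)
      .join('; ');
    throw new Error(`Invalid OAuth2 scope(s): ${detail}`);
  }
  return requested;
}
```

Passing the question's `['identity', 'scope']` through `assertScopes` before building the strategy options fails immediately with a message naming both entries and suggesting `identify` for the first.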

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Psibean