My server is authenticating API requests using a token sent as a header. All the requests are mandatorily passed through that authentication check.
Now, I want to get a token using OAuth 2.0 to hit some third party APIs, so I am passing all the credentials to their OAuth service including the redirect URI. But the thing is I am not able to authenticate the user when the third party service redirects to the provided URI because it lacks that authentication header.
Here is what could have helped- How to pass headers while doing res.redirect in express js but unfortunately, Node.js doesn't support setting headers while redirecting.
I can't see any way to alter the middleware without affecting other APIs because had this been possible, I would have simply maintained user session for that. Even if I add that check of session, I can't disable the header check so the session thing seems futile to me now.
Now, I think the only option I am left with is trying to set headers to the redirect request. This question is about the same thing- Redirect to OAuth URL with headers but it is about creating a custom response object for the OAuth in Python. I don't think my third party OAuth service would allow that.
The last thing that I have thought of is somehow passing the token into the state query and getting the same back for authorization into header somehow.
This is the request for authorization:
function getToken() {
//some checks here
res.redirect(BASE_THIRD_PARTY_URL + CREDENTIAL_QUERIES + REDIRECT_URI + "state="+TOKEN)
}
(Plus passing token in state query in URL seems security threat somehow)
So, is it possible to set headers (or some other workaround)?
