Description
What Version of the library are you using?
19.0.0
Question
I'm working on integrating multiple authentication configurations. One config is for Okta, and the other is for GitLab. Here's a quick overview of the setup:
Okta config uses the scope: openid email profile groups offline_access
GitLab config uses the scope: api (we only need the access token, not an id_token).
I'm passing both configs like this:
provideAuth(
  {
    config: [oktaAuthConfig, gitlabAuthConfig],
  },
  withAppInitializerAuthCheck()
)
I've also tried initializing without withAppInitializerAuthCheck, using checkAuthMultiple() or calling checkAuth() individually per config.
Behavior Observed:
I'm able to log in via Okta and GitLab without issue. When I do, isAuthenticated is true for Okta. For GitLab, I correctly get back the access and refresh tokens, and they are saved in my session storage.
But the library never says I'm authenticated with GitLab; isAuthenticated is always false.
If I remove the Okta config, and change nothing else, isAuthenticated is suddenly true for GitLab.
If I keep both configs but change GitLab's scope on the client/server to openid api, then both work together and both have isAuthenticated as true.
It seems the issue arises when one config uses an id_token (Okta) and the other only uses an access_token (GitLab). Could this be a limitation or bug in how the library handles multiple configs with differing token types?
Would love to hear your thoughts. Is this a misconfiguration on my part, or something deeper in the library?
Thanks in advance! Here are my current configs for both:
Okta
export const oktaAuthConfig: OpenIdConfiguration = {
  authority: environment.auth.okta.issuer,
  authWellknownEndpointUrl: environment.auth.okta.issuer,
  redirectUrl: environment.auth.redirectUrl,
  triggerAuthorizationResultEvent: true,
  checkRedirectUrlWhenCheckingIfIsCallback: false,
  clientId: environment.auth.okta.clientId,
  scope: 'openid email profile groups offline_access',
  responseType: 'code',
  silentRenew: true,
  silentRenewUrl: environment.auth.okta.silentRedirectUrl,
  useRefreshToken: true,
  renewUserInfoAfterTokenRenew: true,
  configId: 'okta',
  secureRoutes: [environment.api, environment.proxy],
};
GitLab
export const gitlabAuthConfig: OpenIdConfiguration = {
  authority: environment.auth.gitlab.authority,
  authWellknownEndpointUrl: environment.auth.gitlab.authWellknownEndpointUrl,
  redirectUrl: environment.auth.gitlab.redirectUrl,
  postLogoutRedirectUri: environment.auth.postLogoutRedirectUrl,
  clientId: environment.auth.gitlab.clientId,
  scope: 'api',
  checkRedirectUrlWhenCheckingIfIsCallback: false,
  triggerAuthorizationResultEvent: true,
  triggerRefreshWhenIdTokenExpired: false,
  ignoreNonceAfterRefresh: true,
  responseType: 'code',
  silentRenew: true,
  silentRenewUrl: environment.auth.gitlab.silentRedirectUrl,
  useRefreshToken: true,
  disableIdTokenValidation: true,
  disableRefreshIdTokenAuthTimeValidation: true,
  renewUserInfoAfterTokenRenew: false,
  autoUserInfo: false,
  configId: 'gitlab',
};
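
A small configuration audit for the setup described in this issue, added here as an illustration (it is not code from the issue author or from angular-auth-oidc-client). It checks each config's scope for `openid`, which decides whether an id_token is issued at all, and flags a config that requests `openid` while `disableIdTokenValidation` is set, as the GitLab config would if its scope were changed to `openid api`. `ConfigLike`, `Finding` and `auditConfigs` are hypothetical names, and the inputs are constructed from the scopes and flags shown above.

```typescript
// Added example, not part of angular-auth-oidc-client. ConfigLike, Finding and
// auditConfigs are hypothetical; only the fields needed for the check are modelled.
interface ConfigLike {
  configId: string;
  scope: string;
  disableIdTokenValidation?: boolean;
}

interface Finding {
  configId: string;
  expectsIdToken: boolean;
  notes: string[];
}

function auditConfigs(configs: ConfigLike[]): Finding[] {
  const findings = configs.map((c): Finding => {
    // OpenID Connect only issues an id_token when "openid" is a requested scope.
    const scopes = c.scope.split(/\s+/).filter((s) => s.length > 0);
    const expectsIdToken = scopes.indexOf('openid') !== -1;
    const notes: string[] = [];
    if (!expectsIdToken) {
      notes.push('no openid scope: plain OAuth 2.0, access token only');
    }
    if (expectsIdToken && c.disableIdTokenValidation === true) {
      notes.push('openid requested but ID token validation is disabled');
    }
    return { configId: c.configId, expectsIdToken, notes };
  });
  // Flag the combination described in the post: ID-token configs and
  // access-token-only configs registered side by side.
  const mixed =
    findings.some((f) => f.expectsIdToken) &&
    findings.some((f) => !f.expectsIdToken);
  if (mixed) {
    findings.forEach((f) => f.notes.push('mixed with configs of the other token type'));
  }
  return findings;
}

// Constructed inputs mirroring the scopes and flags of the two configs above.
const sampleFindings = auditConfigs([
  { configId: 'okta', scope: 'openid email profile groups offline_access' },
  { configId: 'gitlab', scope: 'api', disableIdTokenValidation: true },
]);
console.log(JSON.stringify(sampleFindings, null, 2));
```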