fix todo0 app auth

Author: macyabbey

packages/todo0/src/app-server.ts

@@ -19,7 +19,6 @@ interface AppServerConfig {
   oktaClientId: string;
   oktaClientSecret: string;
   oktaRedirectUri: string;
-  expectedAudience: string;
 }
 
 /**
@@ -34,8 +33,7 @@ function validateAppEnv(): AppServerConfig {
     'OKTA_ISSUER',
     'OKTA_CLIENT_ID',
     'OKTA_CLIENT_SECRET',
-    'OKTA_REDIRECT_URI',
-    'EXPECTED_AUDIENCE',
+    'OKTA_REDIRECT_URI'
   ];
 
   for (const varName of requiredVars) {
@@ -78,24 +76,19 @@ function validateAppEnv(): AppServerConfig {
 
   // Return typed configuration object
   return {
-    port: parseInt(process.env.PORT || '5001', 10),
+    port: parseInt(process.env.PORT || '', 10),
     oktaIssuer: process.env.OKTA_ISSUER!,
     oktaClientId: process.env.OKTA_CLIENT_ID!,
     oktaClientSecret: process.env.OKTA_CLIENT_SECRET!,
     oktaRedirectUri: process.env.OKTA_REDIRECT_URI!,
-    expectedAudience: process.env.EXPECTED_AUDIENCE!,
   };
 }
 
 // Validate environment and get typed configuration
 const config = validateAppEnv();
 
 // Create configured modules
-const requireAuth = createRequireAuth({
-  oktaIssuer: config.oktaIssuer,
-  oktaClientId: config.oktaClientId,
-  expectedAudience: config.expectedAudience,
-});
+const requireAuth = createRequireAuth();
 
 const authRouter = createAuthRouter({
   oktaIssuer: config.oktaIssuer,

packages/todo0/src/middleware/requireAuth.ts

@@ -1,64 +1,14 @@
 import { Request, Response, NextFunction } from 'express';
-import OktaJwtVerifier from '@okta/jwt-verifier';
-
-export interface AuthMiddlewareConfig {
-  oktaIssuer: string;
-  oktaClientId: string;
-  expectedAudience: string;
-}
-
-export function createRequireAuth(config: AuthMiddlewareConfig) {
-  const { oktaIssuer, oktaClientId, expectedAudience } = config;
-
-  console.log('🔐 Auth Middleware Configuration:');
-  console.log(`   Issuer: ${oktaIssuer}`);
-  console.log(`   Client ID: ${oktaClientId}`);
-  console.log(`   Expected Audience: ${expectedAudience}`);
-
-  const oktaJwtVerifier = new OktaJwtVerifier({
-    issuer: oktaIssuer,
-    clientId: oktaClientId,
-    assertClaims: {
-      aud: expectedAudience,
-    },
-  });
 
+export function createRequireAuth() {
   return async function requireAuth(req: Request, res: Response, next: NextFunction) {
-  // 1. Check for session-based authentication
-  if (req.session && (req.session as any).access_token) {
-    console.log('✓ Session-based authentication found');
-    return next();
-  }
-
-  // 2. Check for Bearer token authentication
-  const authHeader = req.headers.authorization || '';
-  const match = authHeader.match(/^Bearer (.+)$/);
-  if (!match) {
-    console.log('✗ No Bearer token found in Authorization header');
-    return res.status(401).json({ error: 'Missing or invalid Authorization header or session' });
-  }
-  
-  const accessToken = match[1];
-  console.log('🔍 Verifying access token...');
-  
-  try {
-    // Verify the access token
-    const jwt = await oktaJwtVerifier.verifyAccessToken(accessToken, expectedAudience);
-
-    console.log('✅ Token verified successfully');
-    console.log('   Subject:', jwt.claims.sub);
-    console.log('   Scopes:', jwt.claims.scp);
-    console.log('   Client ID:', jwt.claims.cid);
-
-    (req as any).user = jwt.claims;
-    return next();
-  } catch (err: any) {
-    console.error('❌ Token verification failed:', err.message);
-    return res.status(401).json({
-      error: 'Invalid or expired token',
-      details: err.message
-    });
-  }
+    // 1. Check for session-based authentication
+    if (req.session && (req.session as any).access_token) {
+      console.log('✓ Session-based authentication found');
+      return next();
+    } else {
+      return res.status(401).json({ error: 'Missing or invalid session' });
+    }
   };
 }