I have an Angular website with a NodeJS server backend. The user gets redirected to a DUO authentication screen when I log in. I use the @duosecurity/duo_universal package for this. The user can authenticate on this screen and be redirected to the website. The issue is that the Authentication headers are all gone, and the user can no longer access the website.
When a user logs in, a JWT token is generated and used to authenticate the user. This token is updated when the account is verified.
The DUO authentication takes a return and returns the user to this page when the authentication is successful. After returning to the website, I get the following error when I try to access the NodeJS server from Angular:
403 Forbidden
In NodeJS:
ERROR: Bearer realm="Users"
Before redirection, this function worked. This is caused by the Authorization header being present in the headers. After the redirect, it's gone. I tried adding it again after the redirect using the same JWT token, but this had no effect on the header (accessToken is the working JWT token with the correct format: "Bearer <code here>"):
const httpOptions = {
headers: new HttpHeaders({
/*'Content-Type': 'application/json'*/
})
};
httpOptions.headers = httpOptions.headers.set('Authorization', accessToken);
return this.http.get(`/api/auth/duo/redirect`, {observe: 'response', headers: httpOptions.headers });
This reaches the NodeJS server but immediately gets caught by code, which checks if an Authorization header is present, which isn't. I postman everything works since I can input the Authorization header with the correct JWT token.
Please let me know if you need more info. I'm currently stuck on this, and I need this to work. What can I do to retain my Authorization header after a redirect?