Failed to discover OP endpoint URL

[connorlurring]

Using the recommended code

passport.use(new SteamStrategy({
    returnURL: 'http://mysite.com/auth/steam/return',
    realm: 'http://mysite.com/',
    apiKey: 'my key'
  },
etc.

app.use('/auth/steam',
  passport.authenticate('steam', { successRedirect: '/',
    failureRedirect: '/error' })
  );

app.use('/auth/steam/return',
  passport.authenticate('steam', {failureRedirect: '/404' }),
    function(req, res) {
      res.redirect('/');
    }
  );

Error: Failed to discover OP endpoint URL (message: No providers found for the given identifier)

Occasionally the site will progress past this stage however, resulting in the next error:

Failed to verify assertion (message: No OpenID provider was discovered for the asserted claimed identifier)

I tried the solution in #27 but I couldn't get it to work. Has anyone gained any further understanding on this issue?

To add to this, this has been working in my app for 8 months or so, none of the code has been changed.

[tobbbles]

Have you recently reinstalled your dependencies? I've got a feeling you may be missing a dependency of passport-steam. Are you running NPM3?

[tobbbles]

Also, are you reverse proxying through NGINX or such?

[connorlurring]

Just reinstalled passport-steam on NPM3, no change.

[tobbbles]

1. From your production server, can you curl http://steamcommunity.com/openid? I've got a feeling that it may be a firewall/network issue.
2. If you can curl it, does grep node_modules/passport-steam/lib/ http://steamcommunity.com/openid turn any results? If not, can you post the output from cat node_modules/passport-steam/lib/passport-steam/strategy.js?
3. Are you reverse proxying through SSL, this may also cause issues.

[connorlurring]

Not reverse proxying.

I think you meant cat node_modules/passport-steam/lib/passport-steam/strategy.js | grep steamcommunity so I ran that and can confirm that it's present.

I can curl the url and I get the XML file so I don't think it's a firewall issue.

[tobbbles]

Yes, sorry - stressful day at work.

Do you have any middlewares, configs, or anything else we can use to get replicate the issue?

May I also ask for a full error log? If you're not comfortable with publicly posting the info feel free to email me.

[connorlurring]

I'm using express, express-session, the latest passport and the latest passport-steam.

The full log from launch to the second error at the callback (skipped the first for some reason) is as follows:

GET / 304 27.078 ms - -
GET /js/jquery.js 304 4.033 ms - -
GET /css/bootstrap.min.css 304 2.039 ms - -
GET /css/default.css 304 0.969 ms - -
GET /css/main.css 304 1.197 ms - -
GET /js/jquery.knob.js 304 1.149 ms - -
GET /js/jquery.nicescroll.js 304 0.599 ms - -
GET /js/default.js 304 0.422 ms - -
GET /images/twist_logo.png 304 0.741 ms - -
GET /images/steam_logo.png 304 0.586 ms - -
GET /images/bot.jpg 304 1.256 ms - -
GET /images/analyst-logo-small.png 304 0.568 ms - -
GET /images/twist_logo.png 304 0.630 ms - -
GET /fonts/arial-black.ttf 304 1.062 ms - -
GET /fonts/built-titling.ttf 304 0.725 ms - -
GET /fonts/arial.ttf 304 0.623 ms - -
GET /auth/steam 302 261.582 ms - 0
{ [InternalOpenIDError: Failed to verify assertion]
  name: 'InternalOpenIDError',
  message: 'Failed to verify assertion',
  openidError: { message: 'Invalid assertion response from provider' } }
GET /auth/steam/return?<openid blob> 500 290.357 ms - 278
{ [InternalOpenIDError: Failed to verify assertion]
  name: 'InternalOpenIDError',
  message: 'Failed to verify assertion',
  openidError: { message: 'No OpenID provider was discovered for the asserted claimed identifier' } }
GET /auth/steam/return?<openid blob> 500 73.641 ms - 307

The second error occurs if I refresh the error page and the site attempts to process the blob again.

Error when it fails to even load the steam oauth page for user sign-in:

{ [InternalOpenIDError: Failed to discover OP endpoint URL]
  name: 'InternalOpenIDError',
  message: 'Failed to discover OP endpoint URL',
  openidError: { message: 'No providers found for the given identifier' } }
GET /auth/steam 500 158.939 ms - 297

[tobbbles]

So looks like issue is that steam is returning an invalid URL/OpenID blob that's incompatible with the underlying OpenID dependencies. This means it's at Steam's end and not much we can do, maybe you could verify your API key, try on different machines/networks?

Going to do some extra digging in the meantime and ensure it's not an issue with the package.

See here: https://github.com/havard/node-openid/blob/7e605d0a85dfcadb1ea2102cb58241e83e29dae6/openid.js#L1241-L1244, essentially, Steam is giving you an error

[connorlurring]

It just seems rather strange with the error regarding not finding the endpoint.

[tobbbles]

True, took a bit of digging into the source to find it

[connorlurring]

Seems to be working on a different server, very strange. I'll take a dig through the server setup and see if I can resolve this. I'll post on this issue if I find a fix.

[tobbbles]

It could be a DNS issue, or possibly the server was IP blocked by Steam, though unlikely. Going to close the issue as it's resolved, although please do update if you find the direct cause.

[connorlurring]

Flushing the DNS followed by a system restart seemed to fix the issue.

[donjo9]

I have the same problem when ever i deploy to Firebase Functions, but not when running my local machine.

But i cant realy reboot the system and/or flush the DNS

[donjo9]

Never mind, dug a bit deeper, Firebase dont allow external API calls on free trier, upgrading to a paid plan fixed the issue

[dowmeister]

I have this error only on 1 server of 3.
Two servers work correctly, pointing directly the single server URL, fire the error.
i would appreciate if someone can point me in the right direction.

Express, Nodejs and packages are the same, only Ubuntu version is different, the not working server is newer. NTP is on and synced, the time is correct.

Thanks