Monkey patching NodeJS code to use Ziti overlay

Hi there,

Has anyone of you ever tried monkey patching the NodeJS http module?
We have a node application for which we can't use the out-of-the-box ziti-sdk-nodejs modules. E.g. we're authenticating clients using OIDC, so we need to connect to our IDP in the background using auth-js.
Pretty easy but not sure how we could run this through Ziti, since our IDP is zitified?

```ts
import NextAuth from "next-auth";
import Keycloak from "next-auth/providers/keycloak";

export const { handlers, signIn, signOut, auth } = NextAuth({
  // Keycloak ID, secret and base URL are automatically provided via environment variables,
  // see [https://authjs.dev/getting-started/authentication/oauth]
  providers: [Keycloak({
    // Map the Keycloak profile claims onto the Auth.js user object
    profile(profile) {
      return {
        id: profile.sub,
        name: profile.name ?? profile.preferred_username,
        email: profile.email,
        roles: profile.roles ?? [],
      }
    },
  })],
  callbacks: {
    // Copy the user id and roles into the JWT at sign-in
    jwt({ token, user }) {
      if (user) { // User is available during sign-in
        token.id = user.id;
        token.roles = user.roles;
      }
      return token;
    },
    // Expose the id and roles from the JWT on the session object
    session({ session, token }) {
      session.user.id = token.id as string;
      session.user.roles = token.roles as string[];
      return session;
    },
  }
})
```

Any ideas or experiences are highly appreciated. For the same project, we're also running NextJS, so any experience in Zitifying a nextjs app in contrast to ExpressJS would be appreciated as well!


Hi @dmuensterer No, I haven't monkey-patched the node http module itself. The closest thing is probably what I did in the ziti-sdk-nodejs to monkey-patch the Express server's listening capabilities (i.e. bind a Ziti Service, and then listen for incoming Ziti connections... as opposed to the traditional listen on a TCP port).

I find it interesting that you can only get to your IdP over Ziti. Most IdP flows/use cases I am familiar with involve an internet-facing IdP.
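
The following is an added example, not code from either poster or from ziti-sdk-nodejs. It sketches the monkey-patching idea from the question on `fetch` rather than the `http` module, assuming the auth library issues its IdP requests through a patchable `fetch`. `overlayTransport` is a hypothetical stand-in for an overlay-backed HTTP client and the hostname is a constructed placeholder. Requests to the listed hosts go only through the overlay and are never retried over the regular network.

```javascript
// Added example. `overlayTransport` is a hypothetical function
// (url, init) => Promise<Response>; it is NOT a ziti-sdk-nodejs API.
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, ""); // case-insensitive, ignore trailing dot
}

function urlOf(input) {
  // fetch() accepts a string, a URL, or a Request-like object carrying .url
  if (typeof input === "string") return new URL(input);
  if (input instanceof URL) return input;
  return new URL(input.url);
}

function patchFetch(target, overlayHosts, overlayTransport) {
  const original = target.fetch;
  const hosts = new Set(overlayHosts.map(normalizeHost));

  target.fetch = function patchedFetch(input, init) {
    let url;
    try {
      url = urlOf(input);
    } catch (err) {
      return Promise.reject(err); // unparseable target: refuse rather than guess a route
    }
    if (!hosts.has(normalizeHost(url.hostname))) {
      return original.call(target, input, init); // all other hosts are untouched
    }
    // Overlay-only host: no catch-and-retry over the underlay network,
    // so a transport failure surfaces to the caller instead of leaking traffic.
    try {
      return Promise.resolve(overlayTransport(url.href, init));
    } catch (err) {
      return Promise.reject(err);
    }
  };

  // Return an undo function so the patch can be removed (tests, shutdown).
  return function restore() {
    target.fetch = original;
  };
}

// Constructed usage; the hostname is a placeholder, not taken from the thread:
// const restore = patchFetch(globalThis, ["idp.example.internal"], myOverlayFetch);
```

The patch has to be installed before the auth library makes its first request, and it only covers callers that look up `fetch` on the patched object at call time.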