okta · heidemn · Jul 19, 2019 · Jul 24, 2019
diff --git a/packages/oidc-middleware/src/ExpressOIDC.js b/packages/oidc-middleware/src/ExpressOIDC.js
@@ -15,6 +15,7 @@ const merge = require('lodash/merge');
 const oidcUtil = require('./oidcUtil');
 const connectUtil = require('./connectUtil');
 const logout = require('./logout');
+const Passport = require('passport').Passport;
 
 const {
   assertIssuer,
@@ -39,7 +40,7 @@ module.exports = class ExpressOIDC extends EventEmitter {
    * @param {string} options.issuer The OpenId Connect issuer
    * @param {string} options.client_id This app's OpenId Connect client id
    * @param {string} options.client_secret This app's OpenId Connect client secret
-   * @param {string} options.loginRedirectUri The location of the login authorization callback if not redirecting to this app 
+   * @param {string} options.loginRedirectUri The location of the login authorization callback if not redirecting to this app
    * @param {string} options.logoutRedirectUri The location of the logout callback if not redirecting to this app
    * @param {string} [options.scope=openid] The scopes that will determine the claims on the tokens
    * @param {string} [options.response_type=code] The OpenId Connect response type
@@ -111,7 +112,10 @@ module.exports = class ExpressOIDC extends EventEmitter {
 
     const context = {
       options,
-      emitter: this
+      emitter: this,
+      // Allow multiple instances of ExpressOIDC to co-exist by using a separate Passport instance for each context.
+      // This is useful e.g. in combination with the 'vhost' package.
+      passport: new Passport()
     };
 
     /**

diff --git a/packages/oidc-middleware/src/connectUtil.js b/packages/oidc-middleware/src/connectUtil.js
@@ -11,7 +11,6 @@
  */
 
 const csrf = require('csurf');
-const passport = require('passport');
 const { Router } = require('express');
 const querystring = require('querystring');
 const uuid = require('uuid');
@@ -22,6 +21,7 @@ const connectUtil = module.exports;
 
 // Create a router to easily add routes
 connectUtil.createOIDCRouter = context => {
+  const passport = context.passport;
   const routes = context.options.routes;
   const oidcRouter = new Router();
   oidcRouter.use(passport.initialize({ userProperty: 'userContext' }));
@@ -46,6 +46,7 @@ connectUtil.createOIDCRouter = context => {
 };
 
 connectUtil.createLoginHandler = context => {
+  const passport = context.passport;
   const passportHandler = passport.authenticate('oidc');
   const csrfProtection = csrf();
 
@@ -83,6 +84,7 @@ connectUtil.createLoginHandler = context => {
 };
 
 connectUtil.createLoginCallbackHandler = context => {
+  const passport = context.passport;
   const routes = context.options.routes;
   const customHandler = routes.loginCallback.handler;
 

diff --git a/packages/oidc-middleware/src/oidcUtil.js b/packages/oidc-middleware/src/oidcUtil.js
@@ -10,7 +10,6 @@
  * See the License for the specific language governing permissions and limitations under the License.
  */
 
-const passport = require('passport');
 const OpenIdClientStrategy = require('openid-client').Strategy;
 const Issuer = require('openid-client').Issuer;
 const ensureLoggedIn = require('connect-ensure-login').ensureLoggedIn;
@@ -68,6 +67,7 @@ oidcUtil.createClient = context => {
 };
 
 oidcUtil.bootstrapPassportStrategy = context => {
+  const passport = context.passport;
   const oidcStrategy = new OpenIdClientStrategy({
     params: {
       scope: context.options.scope