@first-lego-league/idp
v1.0.6
Published
Identity Provider using jwt-redirection
Downloads
11
Keywords
Readme
IdP
Identity Provider based on the First Lego League Module Standard
Basic usage
Run using node server.js
or npm run start
Principle of operation
The JWT IdP is based upon the redirect binding in SAML, but simpler:
- The Service Provider(SP), weather using the SP library or not, redirects the user to the Identity Provider(IdP) login URL
<idp_url>/login?callbackUrl=<sp_callbackUrl>
. - The IdP authenticates the user and pulls its details out of the mongodb. NOTICE There is no verification on the callbackUrl parameter, or on the refferer of the redirection, and thereafore anyone can ask to use the IdP without authentication, but without the secret the IdP has, the SP cannot be sure the response was correct and protected.
- The IdP redirects to the callbackUrl parameter, adding to it the parameter
token
with the value of the JWT of the user, signed with the secret. The secret must be shared across servers upon startup.
Development
- Fork this repository
- make some changes
- create a Pull Request
- Wait for a CR from the code owner
- make sure everything is well
- merge
A few things to notice while developing:
- Use
yarn
notnpm
- Follow javascript standard as described here
- Keep the service lightweight
- Don't break API if not neccessary, and if you do, change the SP library accordingly.
- Be creative and have fun