@jywei/passport-openidconnect
v0.1.6
OpenID Connect authentication strategy for Passport.
Passport-OpenID Connect
Fork of Jared Hanson's Passport strategy for authenticating with OpenID Connect.
This module lets you authenticate using OpenID Connect in your Node.js applications. By plugging into Passport, OpenID Connect authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
Installation
    npm install @jywei/passport-openidconnect
Usage
Setup
    const passport = require("passport");
    const OidcStrategy = require("@jywei/passport-openidconnect").Strategy;

    passport.use(
      "oidc",
      new OidcStrategy(
        {
          issuer: "https://my-oidc-issuer.com",
          authorizationURL: "https://my-oidc-issuer.com/oauth2/authorize",
          tokenURL: "https://my-oidc-issuer.com/oauth2/token",
          userInfoURL: "https://my-oidc-issuer.com/userinfo",
          clientID: "my-oidc-client-id",
          clientSecret: "my-oidc-client-secret",
          callbackURL: "https://my-client-endpoint.com/auth/callback",
          scope: "openid" // Optional values from OIDC spec: profile, email, address, phone
        },
        // Verify callback: map the authenticated identity to an application user
        async (
          issuer,
          sub,
          profile,
          jwtClaims,
          accessToken,
          refreshToken,
          idToken,
          params,
          done
        ) => {
          // User is your application's own user model
          User.findOrCreate(
            { exampleId: profile.id },
            function (err, user) {
              return done(err, user);
            }
          );
        }
      )
    );
Options
If authorizationURL and tokenURL are undefined, dynamic OIDC metadata discovery will be attempted using the .well-known/openid-configuration endpoint.
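Dynamic discovery means the endpoints come from a document fetched over the network, so the metadata is worth checking before it is trusted. The following is an added example, not code from this module: an application-side check that the discovery document's issuer is identical to the configured one and that every endpoint is https. The function names and the sample metadata are hypothetical, and it assumes you fetch the document yourself.

```javascript
// Added example: validate OIDC discovery metadata before using its endpoints.

// Discovery URL for an issuer (OpenID Connect Discovery 1.0, section 4).
function discoveryUrl(issuer) {
  return issuer.replace(/\/+$/, "") + "/.well-known/openid-configuration";
}

// True only for absolute https URLs without embedded credentials or a fragment.
function isHttpsUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === "https:" && !u.username && !u.password && !u.hash;
  } catch (e) {
    return false;
  }
}

// Validate metadata fetched from discoveryUrl(expectedIssuer) and map it to the
// option names used in Setup. Throws on any mismatch (hypothetical helper).
function optionsFromMetadata(expectedIssuer, metadata) {
  if (!isHttpsUrl(expectedIssuer)) throw new Error("issuer must be an https URL");
  // The spec requires the returned issuer to be identical to the configured one.
  if (!metadata || metadata.issuer !== expectedIssuer) {
    throw new Error("issuer mismatch in discovery document");
  }
  for (const key of ["authorization_endpoint", "token_endpoint", "jwks_uri"]) {
    if (!isHttpsUrl(metadata[key])) throw new Error(key + " missing or not https");
  }
  const userinfo = metadata.userinfo_endpoint;
  if (userinfo !== undefined && !isHttpsUrl(userinfo)) {
    throw new Error("userinfo_endpoint not https");
  }
  return {
    issuer: metadata.issuer,
    authorizationURL: metadata.authorization_endpoint,
    tokenURL: metadata.token_endpoint,
    userInfoURL: userinfo,
  };
}

// Constructed sample metadata, reusing the placeholder host from Setup.
const sampleMetadata = {
  issuer: "https://my-oidc-issuer.com",
  authorization_endpoint: "https://my-oidc-issuer.com/oauth2/authorize",
  token_endpoint: "https://my-oidc-issuer.com/oauth2/token",
  userinfo_endpoint: "https://my-oidc-issuer.com/userinfo",
  jwks_uri: "https://my-oidc-issuer.com/oauth2/keys", // constructed path
};
```

The returned object can be merged with clientID, clientSecret, callbackURL and scope to form the strategy options shown in Setup.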
Express
    app.get("/auth/login", passport.authenticate("oidc"));

    app.get("/auth/callback", (req, res, next) => {
      passport.authenticate("oidc", (err, user) => {
        if (err || !user) {
          return res.redirect("/error-callback"); // Or other error handling
        }

        // Create the express session, calls serializeUser
        req.logIn(user, function (err) {
          if (err) {
            return next(err);
          }

          res.redirect("/success-callback");
        });
      })(req, res, next);
    });
Credits
License
Copyright (c) 2011-2013 Jared Hanson <http://jaredhanson.net/>