core-id
v0.3.0
Published
A service for managing authentication flows
Core ID
Provides SSO functionality through the OpenID Connect flow.
Environment Variables
- `NODE_APP_DEVELOPERPORTALDOMAIN` - The domain of the developer portal to use when redirecting. Defaults to "https://ci-developer.condenast.io".
- `NODE_APP_PORT` - The port to run on. Defaults to 8080.
- `NODE_APP_GATEWAYHOSTNAME` - The hostname of the core gateway to use for auth. Defaults to "ci-api.condenast.io".
- `NODE_APP_HTTP_TIMEOUT` - The timeout, in milliseconds, for the provider to wait for HTTP requests to complete. Defaults to 15000.
- `NODE_APP_ISSUER` - The host where the issuer operates. Should equal the externally available hostname. Defaults to "http://localhost:8080".
- `NODE_DB_CONNECTION_USER` - The username to use when connecting to Postgres. Defaults to "postgres".
- `NODE_DB_CONNECTION_HOST` - The Postgres hostname. Defaults to "localhost".
- `NODE_DB_CONNECTION_DATABASE` - The Postgres database to use when querying. Defaults to "core-id".
- `NODE_ENV` - The environment. Defaults to "development".
- `NODE_OIDC_FEATURES_REGISTRATION` - A Boolean ("true" or "false") determining whether the OIDC provider supports dynamic registration. Defaults to "false".
- `NODE_OIDC_TTL_ACCESSTOKEN` - The TTL of the access token in seconds. Defaults to 3600.
- `NODE_OIDC_TTL_AUTHORIZATIONCODE` - The TTL of the authorization code in seconds. Defaults to 600.
- `NODE_OIDC_TTL_CLIENTCREDENTIALS` - The TTL of client credentials in seconds. Defaults to 600.
- `NODE_OIDC_TTL_IDTOKEN` - The TTL of the ID token in seconds. Defaults to 3600.
- `NODE_OIDC_TTL_REFRESHTOKEN` - The TTL of the refresh token in seconds. Defaults to 86400.
- `NODE_OIDC_TTL_REGISTRATIONACCESSTOKEN` - The TTL of the registration access token in seconds. Defaults to 3600.
- `NODE_OIDC_CLOCKTOLERANCE` - The amount of clock difference (in seconds) the provider is willing to accept between a Relying Party and itself.
- `NODE_APP_TOKEN_MONITOR_TIMEOUT` - Timeout, in milliseconds, to wait between polls for unconsumed tokens.
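A preflight check over the variables documented above, as an added example that is not part of the core-id project. Variable names and defaults come from this README; the function name `checkCoreIdEnv`, the rule that any `NODE_ENV` other than "development" counts as deployed, and the individual checks are assumptions. The HTTPS requirement for the issuer follows OpenID Connect Discovery, and the 600-second authorization code limit follows the RFC 6749 recommendation.

```javascript
// Added example, not core-id code. Names and defaults are from the README above;
// the checks and the "non-development means deployed" rule are assumptions.
const DEFAULTS = {
  NODE_ENV: 'development',
  NODE_APP_ISSUER: 'http://localhost:8080',
  NODE_OIDC_FEATURES_REGISTRATION: 'false',
  NODE_OIDC_TTL_ACCESSTOKEN: '3600',
  NODE_OIDC_TTL_AUTHORIZATIONCODE: '600',
  NODE_OIDC_TTL_IDTOKEN: '3600',
  NODE_OIDC_TTL_REFRESHTOKEN: '86400',
};

function checkCoreIdEnv(env) {
  const cfg = {};
  for (const key of Object.keys(DEFAULTS)) cfg[key] = env[key] ?? DEFAULTS[key];
  const findings = [];
  const deployed = cfg.NODE_ENV !== 'development';

  // Every TTL is documented in seconds; reject anything that is not a positive integer.
  for (const key of Object.keys(cfg).filter((k) => k.startsWith('NODE_OIDC_TTL_'))) {
    if (!/^[1-9]\d*$/.test(cfg[key])) findings.push(`${key}: not a positive integer`);
  }
  // RFC 6749 section 4.1.2 recommends a maximum authorization code lifetime of 10 minutes.
  if (Number(cfg.NODE_OIDC_TTL_AUTHORIZATIONCODE) > 600) {
    findings.push('NODE_OIDC_TTL_AUTHORIZATIONCODE: longer than 600 seconds');
  }
  // The README documents exactly two accepted values.
  const registration = cfg.NODE_OIDC_FEATURES_REGISTRATION;
  if (registration !== 'true' && registration !== 'false') {
    findings.push('NODE_OIDC_FEATURES_REGISTRATION: must be "true" or "false"');
  } else if (deployed && registration === 'true') {
    findings.push('NODE_OIDC_FEATURES_REGISTRATION: dynamic registration enabled outside development');
  }
  // The issuer must be the externally available host; the localhost default is only for development.
  let issuer = null;
  try { issuer = new URL(cfg.NODE_APP_ISSUER); } catch { findings.push('NODE_APP_ISSUER: not a valid URL'); }
  if (issuer && deployed) {
    if (issuer.protocol !== 'https:') findings.push('NODE_APP_ISSUER: not https');
    if (['localhost', '127.0.0.1', '[::1]'].includes(issuer.hostname)) {
      findings.push('NODE_APP_ISSUER: points at loopback');
    }
  }
  return findings;
}

// Constructed sample: a production deployment that kept the README defaults.
console.log(checkCoreIdEnv({ NODE_ENV: 'production' }));
```

Run it against `process.env` before starting the service and refuse to boot when the returned list is non-empty.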
Metrics
| metric name | description |
|--------------------------------|------------------------------------------------------|
| coreid.authentication.count | Number of successful or unsuccessful authentications |
| coreid.events.token.count | Number of token events emitted by provider |
| coreid.events.error.count | Number of error events emitted by provider |
| coreid.events.success.count | Number of success events emitted by provider |
| coreid.tokens.unconsumed.count | Number of unconsumed tokens |
Certificates
If for any reason we need to generate new certificates, there is a script here to assist with that.