grant-oidc
v0.0.4
Published
OpenID Connect middleware for Grant
Downloads
89
Maintainers
Readme
grant-oidc
id_token
validation middleware for Grant
- IdP configuration discovery (no caching)
- IdP public keys discovery (no caching)
id_token
validation including its signature
Configuration
grant-oidc accepts your Grant configuration
Middlewares
For Express and Koa grant-oidc needs to be mounted after Grant, and before any of the callback URLs defined in your Grant configuration.
Express
var express = require('express')
var session = require('express-session')
var grant = require('grant-express') // or require('grant').express()
var oidc = require('grant-oidc').express()
var config = require('./config.json')
express()
.use(session({name: 'grant', secret: 'grant', saveUninitialized: true}))
.use(grant(config))
.use(oidc(config))
.get('/hi', (req, res) => {
res.end(JSON.stringify(req.session.grant.response, null, 2))
})
.listen(3000)
Koa
var Koa = require('koa')
var session = require('koa-session')
var grant = require('grant-koa') // or require('grant').koa()
var oidc = require('grant-oidc').koa()
var config = require('./config.json')
var app = new Koa()
app.keys = ['grant']
app.use(session(app))
app.use(grant(config))
app.use(oidc(config))
app.use((ctx, next) => {
if (ctx.path === '/hi') {
ctx.body = JSON.stringify(ctx.session.grant.response, null, 2)
}
})
app.listen(3000)
Hapi
var Hapi = require('hapi')
var yar = require('yar')
var grant = require('grant-hapi') // or require('grant').hapi()
var oidc = require('grant-oidc').hapi()
var config = require('./config.json')
var server = new Hapi.Server({host: 'localhost', port: 3000})
server.route({method: 'GET', path: '/hi', handler: (req, res) => {
return res.response(JSON.stringify(req.yar.get('grant').response, null, 2))
.header('content-type', 'text/plain')
}})
server.register([
{plugin: grant(), options: config},
{plugin: oidc(), options: config},
{plugin: yar, options: {cookieOptions: {password: '01234567890123456789012345678912', isSecure: false}}},
])
.then(() => server.start())
Example
{
"defaults": {
"protocol": "http",
"host": "localhost:3000",
"transport": "session",
"state": true,
"nonce": true,
"scope": [
"openid"
],
"callback": "/hi"
},
"asana": {"key": "...", "secret": "..."},
"auth0": {"key": "...", "secret": "..."},
"authentiq": {"key": "...", "secret": "..."},
"google": {"key": "...", "secret": "..."},
"ibm": {"key": "...", "secret": "..."},
"line": {"key": "...", "secret": "..."},
"microsoft": {"key": "...", "secret": "..."},
"okta": {"key": "...", "secret": "..."},
"onelogin": {"key": "...", "secret": "..."},
"paypal": {"key": "...", "secret": "..."},
"phantauth": {"key": "...", "secret": "..."},
"salesforce": {"key": "...", "secret": "..."},
"twitch": {"key": "...", "secret": "..."},
"yahoo": {"key": "...", "secret": "..." }
}
Quirks
Google issuer URL doesn't have protocol
Paypal issuer have different domain than the configuration URL
Paypal returns the
idp
configuration JSON with wrong content-typeAsana doesn't return
kid
in the header, and a single key is found injwks_uri
that should be pickedAsana doesn't honor the
nonce
parameter and doesn't embed it in theid_token