inoor-identityserver
v1.0.1
Passport strategy for Inoor IdentityServer OpenID Connect Provider
inoor-identityserver
Passport strategy for Inoor IdentityServer OpenID Connect Provider
Strategy
This strategy supports AuthorizationCode flow.
// The strategy's first constructor argument lets you override its identifier ('custom_name' below).
// A default identifier is used if you only give the constructor the config object.
const passport = require('passport');
const IdentityStrategy = require('inoor-identityserver').Strategy;
const session = require('express-session');
const MongoDBStore = require('connect-mongo')(session);
// MongoDB-backed session store (connect-mongo), passed to express-session further down.
// The callback handler reads req.session.tokens, so the sessions kept in this
// collection carry access tokens: restrict who can read it.
const storeOptions = {
  // Placeholder: supply the real connection string from configuration, not source control.
  url: 'mongo url',
  collection: 'loginSessions',
  stringify: true,
};
const store = new MongoDBStore(storeOptions);
// Options for the IdentityServer strategy registered under the name 'custom_name'.
// The string values are placeholders; keep the real client_secret out of source
// control (environment variable or secret store).
const identityOptions = {
  configuration_endpoint: 'https://localhost:44333/.well-known/openid-configuration',
  client_id: 'your_client_id',
  client_secret: 'your_client_secret',
  callback_url: '/login',
  response_type: 'code id_token',
  scopes: ['profile', 'offline_access'],
  response_mode: 'form_post',
  // NOTE(review): a nonce fixed in configuration is the same for every login.
  // OpenID Connect uses the nonce to bind an ID token to one authentication
  // request, so a constant value gives no replay protection. Confirm how the
  // strategy uses this field and prefer a fresh random value per request.
  nonce: 'your_nonce',
  // Hook that receives the identity; this sample returns it unchanged.
  transformIdentity(identity) {
    return identity;
  },
  // Hook called on end-session. Do not end or write to res here: the framework
  // will be redirecting. It is there just in case you need it.
  onEndSession(req, res) {},
};

passport.use(new IdentityStrategy('custom_name', identityOptions));
// The whole user object is written to the session and read back unchanged.
// Everything in it therefore ends up in the session store; keep only what the
// application needs if the identity carries sensitive claims.
passport.serializeUser((user, done) => {
  done(null, user);
});

passport.deserializeUser((user, done) => {
  done(null, user);
});
// Session cookie lifetime: one day, in milliseconds.
const ONE_DAY_MS = 1000 * 60 * 60 * 24;

const sessionOptions = {
  // Placeholder: use a long random secret loaded from configuration. Anyone who
  // knows it can forge signed session cookies.
  secret: 'your secret key',
  resave: false,
  saveUninitialized: false,
  // NOTE(review): no `secure` flag is set, so the cookie is also sent over plain
  // HTTP; set `secure: true` when the app is served over HTTPS. The form_post
  // callback arrives as a cross-site POST, so test any `sameSite` setting
  // against the login flow before enabling it.
  cookie: {
    maxAge: ONE_DAY_MS,
  },
  store, // connect-mongo or another express-session store
};

app.use(session(sessionOptions));
app.use(passport.initialize());
app.use(passport.session());
Single Sign In
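// Starts sign-in: remembers the requested return URL in a cookie, then runs the
// 'custom_name' strategy and logs the resulting user in.
router.get('/login', function (req, res, next) {
  // returnurl comes straight from the query string. Store it only when it is a
  // single string: a missing value would otherwise be saved as the text
  // "undefined", and a repeated parameter as a serialized array.
  // NOTE(review): the value is caller-controlled. Whatever later redirects to
  // this cookie must check it against the hosts/paths the application expects,
  // otherwise a crafted login link becomes an open redirect.
  const returnUrl = req.query.returnurl;
  if (typeof returnUrl === 'string') {
    res.cookie('return', returnUrl, { domain: 'your domain', path: '/' });
  }

  passport.authenticate('custom_name', function (err, user, info) {
    if (err) {
      return next(err);
    }
    if (!user) {
      // No user yet: send the browser through /login again.
      return res.redirect('/login');
    }
    req.logIn(user, function (loginErr) {
      if (loginErr) {
        return next(loginErr);
      }
      // NOTE(review): `user` is concatenated into the path as-is; this only
      // yields a useful URL if it is a string. Confirm against the strategy.
      return res.redirect('/' + user);
    });
  })(req, res, next);
});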
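// Handles the identity server's POST back to the application: authenticates
// with the 'custom_name' strategy, then exposes the user and access token on
// the request for the handlers that follow.
router.post('/callback', function (req, res, next) {
  passport.authenticate('custom_name', function (err, userInfo, info) {
    if (err) {
      console.log(err);
      // Stop here: continuing after a failed authentication would treat the
      // request as if it had succeeded.
      return next(err);
    }
    if (!userInfo) {
      return res.status(401).send('Authentication Fail');
    }

    // The tokens are read from the session; guard against them being absent
    // instead of throwing a TypeError on `req.session.tokens.access_token`.
    const tokens = req.session && req.session.tokens;
    if (!tokens) {
      return next(new Error('No tokens found in session after authentication'));
    }

    req.user = userInfo;
    req.token = tokens.access_token;

    // Hand over to the next handler; without this the request never completes.
    return next();
  })(req, res, next);
});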
Single Sign out
This feature redirects the user to the identity server's logout feature to clear their SSO session.
// Single sign-out. This will also destroy express sessions if they are present.
// NOTE(review): `_strategy` is an underscore-prefixed passport member, so it
// looks internal and may change between passport versions. A logout reachable
// by GET can also be triggered by any cross-site link or image; consider a POST
// route protected against CSRF.
app.get('/logout', (req, res) => {
  const strategy = passport._strategy('custom_name');
  strategy.endSession(req, res);
});
Profile
You can get the current user's profile data with the following:
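// Shows the signed-in user's profile as pretty-printed JSON inside an HTML page.
app.get('/', function (req, res) {
  const strategy = passport._strategy('custom_name');
  const profileScopes = ['profile'];
  // Optionally you can specify specific claims to request as an array of strings.
  const additionalClaims = null;

  // Profile claims originate outside this application and may contain markup,
  // so every HTML-significant character is escaped before the JSON is embedded.
  const htmlEntities = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  const escapeHtml = function (text) {
    return String(text).replace(/[&<>"']/g, function (ch) {
      return htmlEntities[ch];
    });
  };

  strategy.profile(req, profileScopes, additionalClaims, function (err, profile) {
    if (err) {
      // Report the failure instead of rendering an empty profile with a 200.
      res.writeHead(500, { 'Content-Type': 'text/plain' });
      return res.end('Unable to load profile');
    }

    // Headers are sent only once the outcome is known.
    res.writeHead(200, {
      'Content-Type': 'text/html',
    });
    res.end(
      '<html><body>Logged in, <a href="/logout">Logout</a><pre>' +
        escapeHtml(JSON.stringify(profile, null, 2)) +
        '</pre></body></html>'
    );
  });
});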