oidc-node-stateless
v1.1.1
Stateless openid-connect for node
Express middleware for authenticating against an OpenID Connect (OIDC) provider without a persisted server-side session (no Redis or other session store): the session lives entirely in a signed JWT cookie.
- Sets a session cookie using a JWT containing information from the OIDC userinfo endpoint.
- Built with openid-client.
- Refreshes the session if a refresh token was provided.
- Supports RP-Initiated Logout.
The standard OIDC workflow is as follows:
- GET / : the unprotected page is displayed.
- The user navigates to /login, which redirects to the OIDC server for authentication.
- The user logs in with username and password; the OIDC server redirects back to redirectUrl as GET /?code={code}.
- The login middleware exchanges the code for access, refresh and ID tokens from the OIDC server.
- The login middleware calls the userinfo endpoint and creates a JWT session token from the result.
- The session token is set as the session cookie and is used for authorizing further requests.
- The payload of the session cookie JWT is accessible at req.session.
See ./example/index.js for a functional example.
```js
import express from 'express'
import https from 'https'
import cookieParser from 'cookie-parser'
import { login, protect, Jwt } from 'oidc-node-stateless'

// Assumed helper, not provided by this package: send plain-HTTP requests to the HTTPS host.
const httpsRedirect = ({ newHost }) => (req, res, next) =>
  req.secure ? next() : res.redirect(301, `https://${newHost}${req.originalUrl}`)

const app = express()
app.use(
  httpsRedirect({ newHost: 'localhost:3000' }),
  cookieParser(),
  login({
    // Signs the session cookie JWT; use a long random secret in production, not 'kitten'.
    jwt: new Jwt({ secret: 'kitten' }),
    // Plain http is only acceptable for the local test server (npm run server).
    serverUrl: 'http://localhost:8080/oidc',
    clientId: 'client-id',
    clientSecret: 'secret',
    // Must match the redirect URI registered with the OIDC server.
    redirectUrl: 'https://localhost:3000',
    claims: ['aud', 'azp']
  })
)
app.get('/', (req, res) => res.end('home'))
// protect() (imported above) rejects requests without a valid session cookie.
app.get('/protected', protect(), (req, res) => res.end('protected'))
app.listen(80)
// https.createServer takes (options, requestListener): TLS options first, then the app.
https.createServer({ cert: '..', key: '...' }, app).listen(3000)
```
Example
- Clone the repository and install packages with npm install
- Start the provided OIDC test server with npm run server
- Run the sample with npm start
- Open https://localhost:3000