openidconnect-client
v1.3.0
Published
A test client for OpenID Connect providers
Downloads
1
Readme
OpenID Connect client
This is a demo implementation for testing OpenID Connect providers.
I recommend reading the OpenID Connect 1.0 Core spec for more information.
After a successful authentication, the user should be presented with his/her user profile data. If authentication fails, the user gets redirected to the home page.
Prerequisites
Install
git clone https://github.com/saschazar21/openidconnect-client
cd openidconnect-client
npm install
oryarn
Preparation
Make sure the needed environment variables listed in .env.sample
are properly set according to your desired OpenID Connect provider.
Either set them by copying the .env.sample
file to .env
and appending values to the listed variable keys or set them manually in the console:
$ ISSUER=... AUTH_URL=... CERT_URL=... (etc...) npm start
Sample configuration
A sample configuration of the necessary URLs in your .env
file would look like the following:
ISSUER=http://localhost:3000
AUTH_URL=http://localhost:3000/auth
CERT_URL=http://localhost:3000/certs
TOKEN_URL=http://localhost:3000/token
CALLBACK_URL=https://home.dev:3001/auth/callback
USER_URL=http://localhost:3000/me
All but CALLBACK_URL
of the above URLs are affecting the client's requests to the provider, therefore please check your current provider configuration. The CALLBACK_URL
must be equal to your client's settings at the provider and point to a route in your client configuration (the URL the provider will redirect authenticated requests to).
CAUTION: Never commit your secret keys in your git repo!
HTTPS support
If you have a valid key
& cert
file path set in your .env
file, the application automatically boots up an HTTPS-enabled server. Using this configuration, you'll have to explicitly use the https://
prefix, as there is no automatic redirect from http://
while the server is running.
DEBUG
Debugging may be turned on by setting the DEBUG
environment variable to openidconnect
:
$ DEBUG=openidconnect npm start
Another possibility would be to add this combination to your .env
file to automatically load it during testing.
Known issues
- When using the implicit flow as authentication process and the OP returns the token data using the
fragment
response mode, an endless loop of requests between the callback URLs might occur. This issue has been addressed here. Please make sure to use theform_post
response mode (uncomment in.env.sample
).
Contribution
Contributors welcome. While this project might just be here for testing you are free to fork it and create pull requests, if you fixed a bug or think an enhancement should be part of this project.
Credits
- @tj, @dougwilson et al for Express and related modules.
- @jaredhanson for Passport
- @panva for openid-client
- @motdotla for dotenv
License
MIT
Version history
- v1.3.0 HTTP request logs are more verbose now, discovered
fragment
response mode issue, added RESPONSE_MODE env & POST route config - v1.2.0 Enhanced environment variables to support different response types out of the box
- v1.1.0 Enhanced the setup to also support HTTPS when
key
andcert
are present - v1.0.0 Initial version