oidc-client-node

OpenID Connect (OIDC) node.js library

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
oidc-client-node
731.0.108 years ago9 years agoMinified + gzip package size for oidc-client-node in KB

Readme

oidc-client
OpenID Connect (OIDC) client server side library

Install

$ npm install oidc-client-node

Configuration Options

```javascript var oidcConfig = { scope: 'profile roles', clientid: 'implicitclient', callbackURL: '/auth/oidc/callback', // callback url, can be absolute or relative authority: 'https://localhost:50000/core'; //'--insert-your-openid-provider-domain-name-here--', responsetype: "idtoken token", responsemode: "formpost", scopeSeparator: ' ', verboselogging: true, httpSettings: { strictSSL = true } // optional http settings for Request }; ```

Local options

You can also set options on a per request basis and have those options merged in. For example: ```javascript var localOptions = { callbackURL: '/auth/oidc/callback', acr
values: "tenant:12" };
var oidcClient = new OidcClient(req, res, oidcConfig); oidcClient.mergeRequestOptions(req, localOptions); Note: You are currently required to merge request options (even if they are empty), otherwise the client may not work appropriately. ```

Implicit Flow Configuration Example

```javascript var oidcConfig = { scope: 'profile roles', clientid: 'implicitclient', callbackURL: '/auth/oidc/callback', authority: 'https://localhost:50000/core'; responsetype: "idtoken token", responsemode: "formpost", scopeSeparator: ' ', verboselogging: true }; ```

Code Flow Configuration Example

```javascript var oidcConfig = { scope: 'profile roles offline
access', // offline is not required for code flow, but is typically used in this flow to get refresh tokens clientid: 'implicitclient', callbackURL: '/auth/oidc/callback', authority: 'https://localhost:50000/core'; responsetype: "code", responsemode: "formpost", scopeSeparator: ' ', verboselogging: true }; ```

Wiring up your routes

Wire up your routes (this example uses req.body which was based on express / body parser) ```javascript app.get('/auth/oidc/login', function (req, res) {
var oidcClient = new OidcClient(req, res, oidcConfig);
var tokenRequest = oidcClient.createTokenRequestAsync();
tokenRequest.then(function (results) {
console.log('about to redirect');
res.redirect(results.url);  
}).catch(function(error){
console.log('error generating redirect url: ' + error);
});
}); app.post(/auth/oidc/callback, function (req, res) {
var oidcClient = new OidcClient(req, res, oidcConfig);
var tokenResponse = oidcClient.processResponseAsync(req.body);
tokenResponse.then(function (results) {
console.log(results);
}).catch(function(error) {
console.log('error parsing token response: ' + error);
});
console.log('Made it to the end of the response function');
}); ```

Response Example

Here's an example of all the possible data in a response. What values you get back will dependent on the flow as well as the identity provider you are integrating with. ```javascript { "profile": {
"sub": "1",
"name": "User"
}, "idtoken": "613bfdfc867a4a838784965582aecfbb", "accesstoken": "b976452d0cb94ced8825f3297bed2628", "refreshtoken": "62fd0a32fbc0496ab21e48835343b852", "expiresin": 360 } ```

Refreshing a token

Refreshing a token is very similar to the other scenarios, it still requires configuration of the oidc client. The main difference is that no call-back to a route occurs.

Refresh Token Configuration Example

```javascript var oidcConfig = { scope: 'profile roles', clientid: 'clientcredsclient', clientsecret: 'yoursecret', callbackURL: '/auth/oidc/callback', authority: 'https://localhost:50000/core'; scopeSeparator: ' ', verboselogging: true }; ```

Refresh Token Request Example

```javascript app.get('/token/refresh/', function(req, res) { var oidcClient = new OidcClient(req, res, oidcConfig); oidcClient.mergeRequestOptions(req, {}); var refreshToken = getRefreshToken(); // get the current refresh token you have persisted somewhere oidcClient.refreshAccessTokenAsync(refreshToken).then(function (tokenResponse) {
handleTokenResponse(tokenResponse); // do something with the token you received
res.redirect('/');
}); }); ```