Passport-OpenID Connect
Fork of Jared Hanson's Passport strategy for authenticating with OpenID Connect.
This module lets you authenticate using OpenID Connect in your Node.js applications. By plugging into Passport, OpenID Connect authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
Installation
npm install @techpass/passport-openidconnect
Usage
Setup
const passport = require("passport");
const OidcStrategy = require("@techpass/passport-openidconnect").Strategy;
passport.use(
"oidc",
new OidcStrategy(
{
issuer: "https://my-oidc-issuer.com",
authorizationURL: "https://my-oidc-issuer.com/oauth2/authorize",
tokenURL: "https://my-oidc-issuer.com/oauth2/token",
userInfoURL: "https://my-oidc-issuer.com/userinfo",
clientID: "my-oidc-client-id",
clientSecret: "my-oidc-client-secret",
callbackURL: "https://my-client-endpoint.com/auth/callback",
scope: "openid", // Optional values from OIDC spec: profile, email, address, phone
pkce: "S256" // Optional. Include to perform Proof Key Code Exchange else ignore. Possible values are "S256" || "plain"
originalReqProp: "query" // Optional. Extra state from any properties in the original auth request which will be sent back in the callback's request.query.state as a json string. Possible values are default properties in req such as path, params, query or any custom properties you assign into req
},
async (
issuer,
sub,
profile,
jwtClaims,
accessToken,
refreshToken,
idToken,
params,
done
) => {
User.findOrCreate(
{ exampleId: profile.id },
function (err, user) {
return done(err, user);
}
);
}
)
);
Options
If authorizationURL and tokenURL are undefined, dynamic OIDC metadata discovery will be attempted using the .well-known/openid-configuration
endpoint.
Express
app.get('/auth/login', passport.authenticate('oidc'));
app.get("/auth/callback", (req, res, next) => {
passport.authenticate("oidc", (err, user) => {
if (err || !user) {
return res.redirect("/error-callback"); // Or other error handling
}
// Create the express session, calls serializeUser
req.logIn(user, function(err) {
if (err) {
return next(err);
}
res.redirect("/success-callback");
});
})(req, res, next);
}
Credits
License
Copyright (c) 2011-2013 Jared Hanson <http://jaredhanson.net/>