verdaccio-openid-atabix

0.9.0 • Public • Published

verdaccio-openid


About

This is a fork of a Verdaccio plugin that offers OIDC OAuth integration for both the browser and the command line.

This package differs from the verdaccio-openid package in that it doesn't throw an error when the OIDC endpoint doesn't provide a roles claim.

Compatibility

  • Verdaccio 5, 6
  • Node 16, 18
  • Chrome, Firefox, Firefox ESR, Edge, Safari

Setup

Install

  1. Install globally
npm install -S verdaccio-openid
  2. Install to Verdaccio plugins folder

npm >= 7

mkdir -p ./install-here/
npm install --global-style \
  --bin-links=false --save=false --package-lock=false \
  --omit=dev --omit=optional --omit=peer \
  --prefix ./install-here/ \
  verdaccio-openid@latest
mv ./install-here/node_modules/verdaccio-openid/ /path/to/verdaccio/plugins/

Verdaccio Config

Merge the below options with your existing Verdaccio config:

middlewares:
  openid:
    enabled: true

auth:
  openid:
    provider-host: https://example.com # required, the host of the OIDC provider
    # configuration-uri: https://example.com/.well-known/openid-configuration # optional
    # issuer: https://example.com # optional, JWT issuer, defaults to 'provider-host' when empty
    # authorization-endpoint: https://example.com/oauth/authorize # optional
    # token-endpoint: https://example.com/oauth/token # optional
    # userinfo-endpoint: https://example.com/oauth/userinfo # optional
    # jwks-uri: https://example.com/oauth/jwks # optional
    # scope: openid email groups # optional. custom scope, default is openid
    client-id: CLIENT_ID # optional, you can set it with environment variable 'VERDACCIO_OPENID_CLIENT_ID'
    client-secret: CLIENT_SECRET # optional, you can set it with environment variable 'VERDACCIO_OPENID_CLIENT_SECRET'
    username-claim: name # optional. username claim in openid, or key to get username in userinfo endpoint response, default is sub
    groups-claim: groups # optional. claim to get groups from
    # provider-type: gitlab # optional. define this to get groups from gitlab api
    # authorized-groups: # optional. a user in one of the listed groups is allowed to log in. use true to require that the user has at least one group, false means no group check
    #  - access
    # group-users: # optional. define group membership manually, e.g. the animal group has users tom and jack. if set, 'groups-claim' and 'provider-type' have no effect
    #   animal:
    #     - tom
    #     - jack

Now you can use the openid-connect auth in the webUI.
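The group options above interact with this fork's tolerance of a missing groups claim: when the claim is absent, the outcome depends entirely on authorized-groups. The sketch below is an added example, not the plugin's source; it models the options as the config comments describe them, and the function names, the claim payloads and treating an unset authorized-groups as false are assumptions.

```javascript
// Added example, not the plugin's source. It models the group options as the
// config comments describe them; names and claim payloads are constructed.

// A non-empty 'group-users' map replaces the 'groups-claim' lookup entirely.
function resolveGroups(config, claims) {
  const username = claims[config["username-claim"] || "sub"];
  const groupUsers = config["group-users"];
  if (groupUsers && Object.keys(groupUsers).length > 0) {
    return Object.keys(groupUsers).filter((g) => groupUsers[g].includes(username));
  }
  const raw = claims[config["groups-claim"]];
  // Missing claim: no groups, no exception (the tolerance this fork describes).
  if (raw === undefined || raw === null) return [];
  return Array.isArray(raw) ? raw.map(String) : [String(raw)];
}

// 'authorized-groups': false = no check, true = at least one group,
// array = membership in a listed group. Unset is treated as false (assumption).
function isLoginAllowed(config, claims) {
  const groups = resolveGroups(config, claims);
  const authorized = config["authorized-groups"];
  if (authorized === false || authorized === undefined) return true;
  if (authorized === true) return groups.length > 0;
  return groups.some((g) => authorized.includes(g));
}

// Constructed ID-token claims: one without a groups claim, one with.
const noGroups = { sub: "u-1001", name: "tom" };
const withGroups = { sub: "u-1002", name: "jack", groups: ["access", "dev"] };
const base = { "username-claim": "name", "groups-claim": "groups" };
const animal = { ...base, "group-users": { animal: ["tom", "jack"] } };

function demo() {
  return {
    noCheckNoClaim: isLoginAllowed({ ...base, "authorized-groups": false }, noGroups),
    requireAnyNoClaim: isLoginAllowed({ ...base, "authorized-groups": true }, noGroups),
    listNoClaim: isLoginAllowed({ ...base, "authorized-groups": ["access"] }, noGroups),
    listWithClaim: isLoginAllowed({ ...base, "authorized-groups": ["access"] }, withGroups),
    // group-users wins: a groups claim naming 'animal' for an unlisted user is ignored.
    mappedUser: isLoginAllowed({ ...animal, "authorized-groups": ["animal"] }, noGroups),
    unmappedUser: isLoginAllowed({ ...animal, "authorized-groups": ["animal"] },
      { name: "eve", groups: ["animal"] }),
  };
}

console.log(demo());
```

With authorized-groups set to false, a missing groups claim goes unnoticed and every account the provider authenticates can log in; set it to true or to a list when the registry should be restricted.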

Environment Variables

Name                             Description
VERDACCIO_OPENID_CLIENT_ID       OIDC client ID
VERDACCIO_OPENID_CLIENT_SECRET   OIDC client secret

Token Expiration

To set the token expiration time, follow the instructions in the Verdaccio docs.

security:
  api:
    jwt:
      sign:
        expiresIn: 7d # npm token expiration
  web:
    sign:
      expiresIn: 7d # webUI token expiration

OpenID Callback URL

Auth with CLI

npx verdaccio-openid@latest --registry http://your-registry.com

Package Sidebar

Install

npm i verdaccio-openid-atabix

License

MIT

Collaborators

  • atabixrdservice