OpenID Connect authentication strategy for Passport.
```bash
npm install @mstrhakr/passport-generic-oidc
npm install @techpass/passport-openidconnect
```
Usage
### Configure Strategy
```javascript
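const passport = require("passport");
const OidcStrategy = require("@mstrhakr/passport-generic-oidc").Strategy;

// Register the OIDC strategy under the name "oidc".
//
// The client credentials are read from the environment instead of being
// committed to source: clientSecret is what authenticates this application to
// the issuer at the token endpoint, and a secret checked into a repository has
// to be treated as leaked. Every URL below (issuer, endpoints, callbackURL)
// should be https so authorization codes and tokens never travel in cleartext.
passport.use(
  "oidc",
  new OidcStrategy(
    {
      // Placeholder issuer; must match the `iss` claim of the ID tokens you expect.
      issuer: "https://my-oidc-issuer.com",
      authorizationURL: "https://my-oidc-issuer.com/oauth2/authorize",
      tokenURL: "https://my-oidc-issuer.com/oauth2/token",
      userInfoURL: "https://my-oidc-issuer.com/userinfo",
      // Supply e.g. OIDC_CLIENT_ID=my-oidc-client-id and
      // OIDC_CLIENT_SECRET=my-oidc-client-secret via the environment.
      clientID: process.env.OIDC_CLIENT_ID,
      clientSecret: process.env.OIDC_CLIENT_SECRET,
      callbackURL: "https://my-client-endpoint.com/auth/callback",
      // "openid" is mandatory for OIDC; optional values from the spec are
      // profile, email, address, phone. Request only what the app needs.
      scope: "openid",
      // Optional. Include to perform Proof Key for Code Exchange, else omit.
      // Possible values are "S256" || "plain"; prefer "S256" — "plain" sends
      // the verifier in the clear and protects far less against code
      // interception.
      pkce: "S256",
      // Optional. Extra state from any properties in the original auth request
      // which will be sent back in the callback's request.query.state as a
      // JSON string. Possible values are default properties in req such as
      // path, params, query or any custom properties you assign into req.
      // Anything placed here round-trips through the browser and the issuer,
      // so do not put secrets in it, and treat it as untrusted input on return.
      originalReqProp: "query"
    },
    // Verify callback. `sub` is the subject identifier from the ID token; the
    // library exposes it as profile.id as well. `sub` is only unique per
    // issuer, so an app that trusts more than one issuer should key accounts
    // on (issuer, sub) rather than on sub alone.
    async (
      issuer,
      sub,
      profile,
      jwtClaims,
      accessToken,
      refreshToken,
      idToken,
      params,
      done
    ) => {
      // The callback is async but `done` is only reached through the
      // findOrCreate callback: a synchronous throw would otherwise become an
      // unhandled promise rejection that passport never sees, so route any
      // exception to `done` explicitly.
      try {
        User.findOrCreate({ exampleId: profile.id }, (err, user) => {
          return done(err, user);
        });
      } catch (err) {
        return done(err);
      }
    }
  )
);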
```
### Dynamic Discovery
If `authorizationURL` and `tokenURL` are undefined, dynamic OIDC metadata discovery will be attempted using the issuer's `.well-known/openid-configuration` endpoint. Because the endpoint URLs the strategy then talks to come from that document, the configured `issuer` must be an `https://` URL that is exactly the issuer you intend to trust; a wrong or attacker-controlled issuer value would steer the whole flow to the endpoints it advertises.
### Authenticate Requests
```javascript
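// Starts the flow: redirects the browser to the issuer's authorization endpoint.
app.get("/auth/login", passport.authenticate("oidc"));

// The redirect URI registered with the issuer (callbackURL above). A custom
// callback is used instead of passport.authenticate's built-in redirects, so
// the session has to be established by hand with req.logIn.
app.get("/auth/callback", (req, res, next) => {
  passport.authenticate("oidc", (err, user, info) => {
    if (err) {
      // A thrown/returned error (state mismatch, token validation failure,
      // network error, ...) is a server-side fault, not a refused login.
      // Hand it to the error middleware so it is logged rather than silently
      // collapsed into a redirect.
      return next(err);
    }
    if (!user) {
      // Authentication was refused; `info`, when the strategy provides it,
      // carries the reason. Redirect to a fixed path — do not copy
      // issuer-supplied error text into the response.
      return res.redirect("/error-callback"); // Or other error handling
    }
    // Create the express session, calls serializeUser.
    req.logIn(user, (loginErr) => {
      if (loginErr) {
        return next(loginErr);
      }
      return res.redirect("/success-callback");
    });
  })(req, res, next);
});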
```