oidc-client
OpenID Connect (OIDC) client server side library
Install
$ npm install oidc-client-node
Configuration Options
var oidcConfig = scope: 'profile roles' client_id: 'implicit_client' callbackURL: '/auth/oidc/callback' // callback url, can be absolute or relative authority: 'https://localhost:50000/core'; //'--insert-your-openid-provider-domain-name-here--', response_type: "id_token token" response_mode: "form_post" scopeSeparator: ' ' verbose_logging: true httpSettings: strictSSL = true // optional http settings for Request;
Local options
You can also set options on a per request basis and have those options merged in. For example:
var localOptions = callbackURL: '/auth/oidc/callback' acr_values: "tenant:12"; var oidcClient = req res oidcConfig; oidcClient; **Note: You are currently required to merge request otherwise the client may not work appropriately**
Implicit Flow Configuration Example
var oidcConfig = scope: 'profile roles' client_id: 'implicit_client' callbackURL: '/auth/oidc/callback' authority: 'https://localhost:50000/core'; response_type: "id_token token" response_mode: "form_post" scopeSeparator: ' ' verbose_logging: true;
Code Flow Configuration Example
var oidcConfig = scope: 'profile roles offline_access' // offline is not required for code flow, but is typically used in this flow to get refresh tokens client_id: 'implicit_client' callbackURL: '/auth/oidc/callback' authority: 'https://localhost:50000/core'; response_type: "code" response_mode: "form_post" scopeSeparator: ' ' verbose_logging: true;
Wiring up your routes
Wire up your routes (this example uses req.body which was based on express / body parser)
app; app;
Response Example
Here's an example of all the possible data in a response. What values you get back will dependent on the flow as well as the identity provider you are integrating with.
"profile": "sub": "1" "name": "User" "id_token": "613bfdfc867a4a838784965582aecfbb" "access_token": "b976452d0cb94ced8825f3297bed2628" "refresh_token": "62fd0a32fbc0496ab21e48835343b852" "expires_in": 360
Refreshing a token
Refreshing a token is very similar to the other scenarios, it still requires configuration of the oidc client. The main difference is that no call-back to a route occurs.
Refresh Token Configuration Example
var oidcConfig = scope: 'profile roles' client_id: 'clientcreds_client' client_secret: 'your_secret' callbackURL: '/auth/oidc/callback' authority: 'https://localhost:50000/core'; scopeSeparator: ' ' verbose_logging: true;
Refresh Token Request Example
app;