OpenID 1.1/2.0 library for node.js
OpenID for Node.js is (yes, you guessed it) an OpenID implementation for Node.js.
Highlights and features include:
The library can be reviewed and retrieved from GitHub.
If you use
npm, simply do
npm install openid.
Otherwise, you can grab the code from GitHub.
Here's a very simple server using OpenID for Node.js for authentication:
var openid = require'openid';var url = require'url';var querystring = require'querystring';var relyingParty ='' // Verification URL (yours)null // Realm (optional, specifies realm for OpenID authentication)false // Use stateless verificationfalse // Strict mode; // List of extensions to enable and includevar server = require'http'createServervar parsedUrl = urlparserequrl;ifparsedUrlpathname == '/authenticate'// User supplied identifiervar query = querystringparseparsedUrlquery;var identifier = queryopenid_identifier;// Resolve identifier, associate, and build authentication URLrelyingPartyauthenticateidentifier falseif errorreswriteHead200;resend'Authentication failed: ' + errormessage;else if !authUrlreswriteHead200;resend'Authentication failed';elsereswriteHead302 Location: authUrl ;resend;;else ifparsedUrlpathname == '/verify'// Verify identity assertion// NOTE: Passing just the URL is also possiblerelyingPartyverifyAssertionreqreswriteHead200;resend!error && resultauthenticated? 'Success :)': 'Failure :(';;else// Deliver an OpenID form on all other URLsreswriteHead200;resend'<!DOCTYPE html><html><body>'+ '<form method="get" action="/authenticate">'+ '<p>Login using OpenID</p>'+ '<input name="openid_identifier" />'+ '<input type="submit" value="Login" />'+ '</form></body></html>';;serverlisten80;
A more elaborate example including extensions can be found in
sample.js in the GitHub repository.
This library comes with built-in support for the following OpenID extensions:
To provide a way to save/load association state, you need to mix-in two functions in
saveAssociation(provider, type, handle, secret, expiry_time_in_seconds, callback)is called when a new association is established during authentication. The callback should be called with any error as its first argument (or
nullif no error occured).
loadAssociation(handle, callback)is used to retrieve the association identified by
handlewhen verification happens. The callback should be called with any error as its first argument (and
nullas the second argument), or an object with the keys
secretif the association was loaded successfully.
openid module includes default implementations for these functions using a simple object to store the associations in-memory.
The verification of a positive assertion (i.e. an authenticated user) can be sped up significantly by avoiding the need for additional provider discoveries when possible. In order to achieve, this speed-up, node-openid needs to cache its discovered providers. You can mix-in two functions to override the default cache, which is an in-memory cache utilizing a simple object store:
saveDiscoveredInformation(key, provider, callback) is used when saving a discovered provider. The following behavior is required:
keyparameter should be uses as a key for storing the provider - it will be used as the lookup key when loading the provider. (Currently, the key is either a claimed identifier or an OP-local identifier, depending on the OpenID context.)
callback(error)is called with
errorbeing an error object specifying what failed.
loadDiscoveredInformation(key, callback) is used to load any previously discovered information about the provider for an identifier. The following behavior is required:
callback(null, null)is called (i.e. it is not an error to not have any data to return).
callback(error, null)is called with
errorbeing an error string specifying why loading failed.
callback(null, provider)is called with the exact provider object that was previously stored using
node-openid makes HTTP and HTTPS requests during authentication. You can have these
requests go through a proxy server, by using the following environment variables:
OpenID for Node.js is licensed under the MIT license. See LICENSE for further details.
The libary includes bigint functionality released by Tom Wu under the BSD license,
and Base64 functions released by Nick Galbreath under the MIT license. Please see
lib/base64.js for the details of the licenses for these functions.