0.2.0 • Published 4 years ago
spcp-myinfo v0.2.0
spcp-myinfo
Helper library to use SingPass/CorpPass OIDC authentication & MyInfo Person Basic.
Install via NPM
npm install spcp-myinfo
Usage
import express from 'express';
import { SCPC, MyInfoGov } from 'spcp-myinfo';
const app = express();
const singpass = new SPCP({
type: 'singpass',
clientId: 'your_clientId',
clientSecret: 'your_clientSecret_given_by_spcp',
redirectUri: 'https://www.youreservice.com/singpass/callback',
spcpPublicCert: 'public_cert_given_by_spcp',
ownPrivateKey: 'your_server_ssl_private_key',
environment: 'production'
});
const myinfo = new MyInfoGov({
clientId: 'your_clientId',
singpassClientId: 'your_singpassClientId',
attributes: ['name', 'dob', 'sex'],
myinfoPublicCert: 'public_cert_given_by_myinfo',
ownPrivateKey: 'your_server_ssl_private_key',
environment: 'production'
});
// Get authorize URI, front-end should redirect to the returned URL to login
app.get('/singpass/authorizeUri', (req, res) => {
const url = singpass.getAuthorizeUri();
res.json({ url });
});
// This is your redirectUri, SingPass will call this endpoint once user has successfully logged in
app.get('/singpass/callback', async (req, res) => {
const { uinFin, accessToken } = await singpass.callback(req.query);
// You have user's UIN/FIN now, proceed to your own system's authentication and generate your own session or access token
// Get data from MyInfo
const person = await myinfo.getPersonBasic(uinFin, accessToken);
});
Mock SPCP in Development/Testing Environment
import express from 'express';
import { SCPC } from 'spcp-myinfo';
const app = express();
// clientId, clientSecret, spcpPublicCert & ownPrivateKey are not important for mock
const singpass = new SPCP({
type: 'singpass',
clientId: 'your_clientId',
clientSecret: 'your_clientSecret_given_by_spcp',
redirectUri: 'https://www.youreservice.com/singpass/bypass',
spcpPublicCert: 'public_cert_given_by_spcp',
ownPrivateKey: 'your_server_ssl_private_key',
environment: 'mock',
mockAuthorizeUri: 'https://www.youreservice.com/singpass/mock'
});
// Get authorize URI, front-end should redirect to the returned URL to login
app.get('/singpass/authorizeUri', (req, res) => {
const url = singpass.getAuthorizeUri();
res.json({ url });
});
// This is your redirectUri, mock page will call this endpoint once user has logged in
app.get('/singpass/bypass', async (req, res) => {
const uinFin = req.query.uinFin;
// You have the UIN/FIN which user entered through the mock login page, proceed to your own system's authentication and generate your own session or access token
});
// This is your mockAuthorizeUri, it will show a mock login page
app.get('/singpass/mock', (req, res) => {
const html = singpass.getMockPassHtml();
res.send(html);
});