0.5.0 • Published 4 years ago

spcp-oidc v0.5.0

Weekly downloads
-
License
ISC
Repository
github
Last release
4 years ago

spcp-oidc

npm package npm downloads npm dependencies GitHub issues

Helper library to use SingPass/CorpPass OIDC authentication.

Install via NPM

npm install spcp-oidc

Usage

import express from 'express';
import SCPC from 'spcp-oidc';

const app = express();

const singpass = new SPCP({
  type: 'singpass',
  clientId: 'your_clientId',
  clientSecret: 'your_clientSecret_given_by_spcp',
  redirectUri: 'https://www.youreservice.com/singpass/callback',
  spcpPublicCert: 'public_cert_given_by_spcp',
  ownPrivateKey: 'your_server_ssl_private_key',
  environment: 'production'
});

// Get authorize URI, front-end should redirect to the returned URL to login
app.get('/singpass/authorizeUri', (req, res) => {
  const url = singpass.getAuthorizeUri();
  res.json({ url });
});

// This is your redirectUri, SingPass will call this endpoint once user has successfully logged in
app.get('/singpass/callback', async (req, res) => {
  const { uinFin } = await singpass.callback(req.query);
  // You have user's UIN/FIN now, proceed to your own system's authentication and generate your own session or access token
});

Mock SPCP in Development/Testing Environment

import express from 'express';
import SCPC from 'spcp-oidc';

const app = express();

// clientId, clientSecret, spcpPublicCert & ownPrivateKey are not important for mock
const singpass = new SPCP({
  type: 'singpass',
  clientId: 'your_clientId',
  clientSecret: 'your_clientSecret_given_by_spcp',
  redirectUri: 'https://www.youreservice.com/singpass/bypass',
  spcpPublicCert: 'public_cert_given_by_spcp',
  ownPrivateKey: 'your_server_ssl_private_key',
  environment: 'mock',
  mockAuthorizeUri: 'https://www.youreservice.com/singpass/mock'
});

// Get authorize URI, front-end should redirect to the returned URL to login
app.get('/singpass/authorizeUri', (req, res) => {
  const url = singpass.getAuthorizeUri();
  res.json({ url });
});

// This is your redirectUri, mock page will call this endpoint once user has logged in
app.get('/singpass/bypass', async (req, res) => {
   const uinFin = req.query.uinFin;
  // You have the UIN/FIN which user entered through the mock login page, proceed to your own system's authentication and generate your own session or access token
});

// This is your mockAuthorizeUri, it will show a mock login page
app.get('/singpass/mock', (req, res) => {
  const html = singpass.getMockPassHtml();
  res.send(html);
});
spcpoidcsingpasscorppassauthenticationsingapore
fetch-with-proxyisomorphic-fetchnode-joserandomatic
0.6.0

4 years ago

0.5.0

4 years ago

0.4.0

4 years ago

0.3.0

4 years ago

0.2.0

4 years ago

0.1.0

4 years ago