0.1.0 • Published 4 years ago
sso-oidc v0.1.0
sso-oidc
Utility to instrument Single Sign-on (SSO) for Node.js and Express.
This project illustrates the basic client/server login flow for Single Page Applications (SPA) using Single Sign-on (SSO) with OpenID Connect (OIDC).
The sso-oidc module is intended to be used with Express.js together with the cookie-session and body-parser middleware. The client implementation is framework agnostic.
Getting started
Server-side
yarn add sso-oidc body-parser cookie-session
It is recommended to read environment secrets using dotenv or a similar module.
yarn add dotenv
// server.js
import 'dotenv/config'; // loads .env into process.env (see the dotenv note above)
import { json } from 'body-parser';
import session from 'cookie-session';
import express from 'express';
import Strategy from 'sso-oidc';

const app = express()
  .use(json())
  .use(
    session({
      maxAge: 1 * 60 * 1000, // 60 seconds
      name: 'sso-oidc',
      secret: process.env.SESSION_SECRET, // variable name is your choice; never commit a literal secret
      httpOnly: true,  // keep the session cookie out of reach of page scripts
      secure: true,    // send it over HTTPS only
      sameSite: 'lax'  // limits cross-site requests that would carry the cookie to the POST routes
    })
  );

const sso = new Strategy({
  redirectUri: '',       // callback URL registered with the OpenID provider
  redirectUriLocal: '',  // callback URL for local development
  clientId: '',
  clientSecret: '',      // read from the environment, not source control
  issuerId: '',
  tokenUrl: '',          // provider's token endpoint
  authUrl: '',           // provider's authorization endpoint
  introspectUrl: ''      // provider's token introspection endpoint
});

// Returns the silent authorization url.
app.get('/authUrl', sso.getSilentAuthUrl);

// Checks if the current session is valid.
app.get('/check', sso.check);

// Authenticates the user with the temporary code returned from silent authorization:
// sso.token exchanges the code, sso.introspect validates the resulting token and
// leaves the user id in req.session.user_id.
app.post('/callback', sso.token, sso.introspect, (req, res) => {
  res.send({ user_id: req.session.user_id });
});

// Uses a wildcard to authenticate POST requests for a common, protected route.
// Note that this matches POST only: GET or other methods under /api/* are not
// covered unless guarded with app.use() or app.all().
app.post('/api/*', sso.protect);

// Resets `access_token` and `user_id` but keeps the session cookie.
app.post('/api/logout', sso.destroy, (_req, res) => res.send({ success: true }));
Client-side
Refer to the create-react-app example for a basic client login flow using React hooks.
License