0.1.0 • Published 4 years ago

sso-oidc v0.1.0


sso-oidc

Utility to instrument Single Sign-on (SSO) for Node.js and Express.

This project illustrates the basic client/server login flow for Single Page Applications (SPA) using Single Sign-on (SSO) with OpenID Connect (OIDC).

The sso-oidc module is intended to be used with Express.js, together with the cookie-session and body-parser middleware. The client implementation is framework agnostic.

Getting started

Server-side

yarn add sso-oidc body-parser cookie-session

It is recommended to read environment secrets using dotenv or a similar module.

yarn add dotenv

// server.js
import 'dotenv/config'; // loads SESSION_SECRET and friends from .env
import { json } from 'body-parser';
import session from 'cookie-session';
import express from 'express';
import Strategy from 'sso-oidc';

const app = express()
  .use(json())
  .use(
    session({
      maxAge: 1 * 60 * 1000, // 60 seconds
      name: 'sso-oidc',
      secret: process.env.SESSION_SECRET // read from the environment, never hard-coded
    })
  );

const sso = new Strategy({
  redirectUri: '',
  redirectUriLocal: '',
  clientId: '',
  clientSecret: '',
  issuerId: '',
  tokenUrl: '',
  authUrl: '',
  introspectUrl: ''
});

// Returns the silent authorization url.
app.get('/authUrl', sso.getSilentAuthUrl);

// Checks if the current session is valid.
app.get('/check', sso.check);

// Authenticates user using the temporary code returned from silent authorization.
// sso.token exchanges the code against tokenUrl and sso.introspect validates the
// result against introspectUrl before the handler below runs.
app.post('/callback', sso.token, sso.introspect, (req, res) => {
  res.send({ user_id: req.session.user_id });
});

// Uses a wildcard to authenticate POST requests for a common, protected route.
app.post('/api/*', sso.protect);

// Resets `access_token`, `user_id` but persists session.
app.post('/api/logout', sso.destroy, (_req, res) => res.send({ success: true }));

app.listen(3000);

Client-side

Refer to the create-react-app example for a basic client login flow using React hooks.
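The client side of the flow against the routes in server.js, as an added example that is not code from the sso-oidc package or its create-react-app demo. It assumes GET /authUrl responds with the URL as plain text and POST /callback accepts a JSON body { code } (neither shape is documented here), and it injects fetch and navigate so the flow runs offline against a constructed fake server.

```javascript
// Added example, not code from the sso-oidc package. Assumptions not on the
// page: GET /authUrl returns the URL as plain text, POST /callback takes a
// JSON body { code }, and the SPA shares the server's origin so the
// cookie-session cookie is sent with every request.

// Extract the temporary code from the IdP redirect back to redirectUri.
function parseAuthCode(search) {
  const params = new URLSearchParams(search);
  if (params.get('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  return params.get('code'); // null when this page load is not a callback
}

// fetchImpl/navigate stand in for window.fetch and location.assign.
async function login({ fetchImpl, locationSearch = '', navigate }) {
  const opts = { credentials: 'same-origin' };
  // 1. A still-valid session is reused; nothing is sent to the IdP.
  const check = await fetchImpl('/check', opts);
  if (check.ok) return { status: 'session', user: await check.json() };
  // 2. Back from the IdP: hand the code to /callback, where sso.token and
  //    sso.introspect run before user_id is returned.
  const code = parseAuthCode(locationSearch);
  if (code) {
    const res = await fetchImpl('/callback', {
      ...opts, method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ code })
    });
    if (!res.ok) throw new Error(`callback rejected with ${res.status}`);
    return { status: 'authenticated', user: await res.json() };
  }
  // 3. No session and no code: fetch the silent authorization URL and go.
  const url = await (await fetchImpl('/authUrl', opts)).text();
  navigate(url);
  return { status: 'redirecting', url };
}

// Constructed stand-in for the Express server so this runs offline.
function fakeServer({ sessionValid = false, validCode = 'abc123' } = {}) {
  const reply = (status, body) =>
    ({ ok: status < 400, status, json: async () => body, text: async () => body });
  return async (path, init = {}) => {
    if (path === '/check') return sessionValid ? reply(200, { user_id: 'u1' }) : reply(401, {});
    if (path === '/authUrl') return reply(200, 'https://idp.example/authorize?prompt=none');
    if (path === '/callback') return JSON.parse(init.body).code === validCode ? reply(200, { user_id: 'u1' }) : reply(401, {});
    return reply(404, {});
  };
}
```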

License

Apache 2.0