Verdaccio-openid NPM

verdaccio-openid

About

This is a Verdaccio plugin that offers OIDC OAuth integration for both the browser and the command line.

Compatibility

Verdaccio 5, 6
Node 16, 18
Chrome, Firefox, Firefox ESR, Edge, Safari

Setup

Install

Install globally
```
npm install -S verdaccio-openid
```

Install to Verdaccio plugins folder

npm >= 7

mkdir -p ./install-here/
npm install --global-style \
  --bin-links=false --save=false --package-lock=false \
  --omit=dev --omit=optional --omit=peer \
  --prefix ./install-here/ \
  verdaccio-openid@latest
mv ./install-here/node_modules/verdaccio-openid/ /path/to/verdaccio/plugins/

Verdaccio Config

Merge the below options with your existing Verdaccio config:

middlewares:
  openid:
    enabled: true

auth:
  openid:
    provider-host: https://example.com # required, the host of oidc provider
    # configuration-uri: https://example.com/.well-known/openid-configuration # optional
    # issuer: https://example.com # optional, jwt issuer, use 'provider-host' when empty
    # authorization-endpoint: https://example.com/oauth/authorize # optional
    # token-endpoint: https://example.com/oauth/token # optional
    # userinfo-endpoint: https://example.com/oauth/userinfo # optional
    # jwks-uri: https://example.com/oauth/jwks # optional
    # scope: openid email groups # optional. custom scope, default is openid
    client-id: CLIENT_ID # optional, you can set it with environment variable 'VERDACCIO_OPENID_CLIENT_ID'
    client-secret: CLIENT_SECRET # optional, you can set it with environment variable 'VERDACCIO_OPENID_CLIENT_SECRET'
    username-claim: name # optional. username claim in openid, or key to get username in userinfo endpoint response, default is sub
    groups-claim: groups # optional. claim to get groups from
    # provider-type: gitlab # optional. define this to get groups from gitlab api
    # authorized-groups: # optional. user in array is allowed to login. use true to ensure user have at least one group, false means no groups check
    #  - access
    # group-users: # optional. custom the group users. eg. animal group has user tom and jack. if set, 'groups-claim' and 'provider-type' take no effect
    #   animal:
    #     - tom
    #     - jack

Now you can use the openid-connect auth in the webUI.

Environment Variables

Name	Description
`VERDACCIO_OPENID_CLIENT_ID`	OIDC client ID
`VERDACCIO_OPENID_CLIENT_SECRET`	OIDC client secret

Token Expiration

To set the token expiration time, follow the instructions in the Verdaccio docs.

security:
  api:
    jwt:
      sign:
        expiresIn: 7d # npm token expiration
  web:
    sign:
      expiresIn: 7d # webUI token expiration

OpenID Callback URL

Auth with CLI

npx verdaccio-openid@latest --registry http://your-registry.com

verdaccio oidc openid authentication oauth oauth2 ui

@gitbeaker/node @isaacs/ttlcache @verdaccio/auth @verdaccio/config @verdaccio/core @verdaccio/signature @verdaccio/url debug deepmerge dotenv express global-agent minimist open openid-client yup

@everything-registry/sub-chunk-3048

2 months ago

5 months ago

7 months ago

7 months ago

10 months ago

10 months ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago