Skip to main content

OpenID Certified: OAuth 2.0 Authorization Server implementation for Node.js

Oidc-provider is an OAuth 2.0 Authorization Server with OpenID Connect and many additional features and standards implemented.

Table of Contents

  • Implemented specs & features
  • Certification
  • Get started
  • Documentation & Configuration
  • Recipes
  • Debugging
  • Events

Implemented specs & features

The following specifications are implemented by oidc-provider. Note that not all features are enabled by default, check the configuration section on how to enable them.

The following draft specifications are implemented by oidc-provider.

Updates to draft specification versions are released as MINOR library versions, if you utilize these specification implementations consider using the tilde ~ operator in your package.json since breaking changes may be introduced as part of these version updates. Alternatively acknowledge the version and be notified of breaking changes as part of your CI.

Missing a feature? - If it wasn't already discussed before, ask for it.
Found a bug? - report it.

Certification

OpenID Certification
Filip Skokan has certified that oidc-provider conforms to the following profiles of the OpenID Connect™ protocol

auth0-logo
If you want to quickly add OpenID Connect authentication to Node.js apps, feel free to check out Auth0's Node.js SDK and free plan at auth0.com/overview.

Support

If you or your business use oidc-provider, please consider becoming a sponsor so I can continue maintaining it and adding new features carefree.

Get started

You may check the example folder or follow a step by step example to see which of those fits your desired application setup.

A feature-rich example configuration of oidc-provider is available for you to experiment with here. Dynamic Client Registration is open, you can literally register any client you want there. An example client using this provider is available here (uses openid-client).

Also be sure to check the available configuration docs section.

Documentation & Configuration

oidc-provider allows to be extended and configured in various ways to fit a variety of uses. See the documentation.

const { Provider } = require('oidc-provider');
const configuration = {
  // ... see available options /docs
  clients: [{
    client_id: 'foo',
    client_secret: 'bar',
    redirect_uris: ['http://lvh.me:8080/cb'],
    // + other client properties
  }],
};

const oidc = new Provider('http://localhost:3000', configuration);

// express/nodejs style application callback (req, res, next) for use with express apps, see /examples/express.js
oidc.callback

// koa application for use with koa apps, see /examples/koa.js
oidc.app

// or just expose a server standalone, see /examples/standalone.js
const server = oidc.listen(3000, () => {
  console.log('oidc-provider listening on port 3000, check http://localhost:3000/.well-known/openid-configuration');
});
import * as oidc from 'oidc-provider';

const configuration = {
  // ... see available options /docs
  clients: [{
    client_id: 'foo',
    client_secret: 'bar',
    redirect_uris: ['http://lvh.me:8080/cb'],
    // + other client properties
  }],
};

const provider = new oidc.Provider('http://localhost:3000', configuration);

// express/nodejs style application callback (req, res, next) for use with express apps, see /examples/express.js
provider.callback

// koa application for use with koa apps, see /examples/koa.js
provider.app

// or just expose a server standalone, see /examples/standalone.js
const server = provider.listen(3000, () => {
  console.log('oidc-provider listening on port 3000, check http://localhost:3000/.well-known/openid-configuration');
});

Recipes

Collection of useful configurations use cases are available over at recipes.

Debugging

oidc-provider uses the debug module internally to log information about various states of authentication requests, errors and grants. To see all these set the DEBUG environment variable to oidc-provider:* when launching your app.

There is no filter on what is included in the debug output, since it may end-user Personally identifiable information or client credentials its use is only advised for debugging, not regular logging. Use emitted events to cherry pick the one's of interest to your flows and form your own logs aware of what should and should not be a part of a logged message.

Events

Your oidc-provider instance is an event emitter, using event handlers you can hook into the various actions and i.e. emit metrics or that react to specific triggers. In some scenarios you can even change the defined behavior.
See the list of available emitted event names and their description.

Comments

Post a Comment

Popular posts from this blog

4 Ways to Communicate Across Browser Tabs in Realtime

1. Local Storage Events You might have already used LocalStorage, which is accessible across Tabs within the same application origin. But do you know that it also supports events? You can use this feature to communicate across Browser Tabs, where other Tabs will receive the event once the storage is updated. For example, let’s say in one Tab, we execute the following JavaScript code. window.localStorage.setItem("loggedIn", "true"); The other Tabs which listen to the event will receive it, as shown below. window.addEventListener('storage', (event) => { if (event.storageArea != localStorage) return; if (event.key === 'loggedIn') { // Do something with event.newValue } }); 2. Broadcast Channel API The Broadcast Channel API allows communication between Tabs, Windows, Frames, Iframes, and  Web Workers . One Tab can create and post to a channel as follows. const channel = new BroadcastChannel('app-data'); channel.postMessage(data); And oth...
Post a Comment
Read more

Certbot SSL configuration in ubuntu

  Introduction Let’s Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free  TLS/SSL certificates , thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. Currently, the entire process of obtaining and installing a certificate is fully automated on both Apache and Nginx. In this tutorial, you will use Certbot to obtain a free SSL certificate for Apache on Ubuntu 18.04 and set up your certificate to renew automatically. This tutorial will use a separate Apache virtual host file instead of the default configuration file.  We recommend  creating new Apache virtual host files for each domain because it helps to avoid common mistakes and maintains the default files as a fallback configuration. Prerequisites To follow this tutorial, you will need: One Ubuntu 18.04 server set up by following this  initial ...
Post a Comment
Read more

Working with Node.js streams

  Introduction Streams are one of the major features that most Node.js applications rely on, especially when handling HTTP requests, reading/writing files, and making socket communications. Streams are very predictable since we can always expect data, error, and end events when using streams. This article will teach Node developers how to use streams to efficiently handle large amounts of data. This is a typical real-world challenge faced by Node developers when they have to deal with a large data source, and it may not be feasible to process this data all at once. This article will cover the following topics: Types of streams When to adopt Node.js streams Batching Composing streams in Node.js Transforming data with transform streams Piping streams Error handling Node.js streams Types of streams The following are four main types of streams in Node.js: Readable streams: The readable stream is responsible for reading data from a source file Writable streams: The writable stream is re...
Post a Comment
Read more