    sso-oidc
    0.1.0 • Public • Published

    Utility to instrument Single Sign-on (SSO) for Node.js and Express.

    This project illustrates the basic client/server login flow for Single Page Applications (SPA) using Single Sign-on (SSO) with OpenID Connect (OIDC).

    The sso-oidc module is intended to be used with Express.js with cookie-session and body-parser middleware. The client implementation is framework agnostic.

    Getting started

    Server-side

    yarn add sso-oidc body-parser cookie-session

    It is recommended to read environment secrets using dotenv or a similar module.

    yarn add dotenv

    // server.js
    import { json } from 'body-parser';
    import session from 'cookie-session';
    import express from 'express';
    import Strategy from 'sso-oidc';
     
    const app = express()
      .use(json())
      .use(
        session({
          maxAge: 1 * 60 * 1000, // 60 seconds
          name: 'sso-oidc',
          secret: '<SESSION_SECRET>'
        })
      );
     
    const sso = new Strategy({
      redirectUri: '',
      redirectUriLocal: '',
      clientId: '',
      clientSecret: '',
      issuerId: '',
      tokenUrl: '',
      authUrl: '',
      introspectUrl: ''
    });
     
    // Returns the silent authorization url.
    app.get('/authUrl', sso.getSilentAuthUrl);
     
    // Checks if the current session is valid.
    app.get('/check', sso.check);
     
    // Authenticates user using the temporary code returned from silent authorization.
    app.post('/callback', sso.token, sso.introspect, (req, res) => {
      res.send({ user_id: req.session.user_id });
    });
     
    // Uses a wildcard to authenticate POST requests for a common, protected route.
    app.post('/api/*', sso.protect);
     
    // Resets `access_token`, `user_id` but persists session.
    app.post('/api/logout', sso.destroy, (_req, res) => res.send({ success: true }));
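
The server.js above leaves the Strategy options empty and the session secret as a placeholder. The following is an added example, not part of the sso-oidc package, of building both option objects from the environment and refusing to start when a value is missing or a URL is not HTTPS. The environment variable names (`SSO_*`, `SESSION_SECRET`), the 32-character minimum and the `sameSite` choice are assumptions; `httpOnly`, `sameSite` and `secure` are cookie-session options.

```javascript
// Added example: hypothetical environment variable names, one per
// Strategy option shown in server.js.
const STRATEGY_ENV = {
  redirectUri: 'SSO_REDIRECT_URI',
  redirectUriLocal: 'SSO_REDIRECT_URI_LOCAL',
  clientId: 'SSO_CLIENT_ID',
  clientSecret: 'SSO_CLIENT_SECRET',
  issuerId: 'SSO_ISSUER_ID',
  tokenUrl: 'SSO_TOKEN_URL',
  authUrl: 'SSO_AUTH_URL',
  introspectUrl: 'SSO_INTROSPECT_URL'
};
const URL_OPTIONS = ['redirectUri', 'redirectUriLocal', 'tokenUrl', 'authUrl', 'introspectUrl'];

function isAcceptableUrl(value) {
  let url;
  try { url = new URL(value); } catch { return false; }
  if (url.protocol === 'https:') return true;
  // Plain http is tolerated only for loopback development endpoints.
  return url.protocol === 'http:' && ['localhost', '127.0.0.1'].includes(url.hostname);
}

// Returns { strategy, session } or throws one error listing every problem,
// so the server never starts with empty or placeholder settings.
function loadSsoConfig(env) {
  const problems = [];
  const strategy = {};
  for (const [option, name] of Object.entries(STRATEGY_ENV)) {
    const value = (env[name] || '').trim();
    if (!value) problems.push(`${name} is not set`);
    else if (URL_OPTIONS.includes(option) && !isAcceptableUrl(value))
      problems.push(`${name} must be https (http only for localhost)`);
    strategy[option] = value;
  }
  const secret = env.SESSION_SECRET || '';
  if (secret.length < 32) problems.push('SESSION_SECRET must be at least 32 characters');
  if (problems.length) throw new Error(`Invalid SSO configuration: ${problems.join('; ')}`);
  const session = {
    name: 'sso-oidc',
    secret,
    maxAge: 60 * 1000, // 60 seconds, as in server.js
    httpOnly: true,    // cookie is not readable from page scripts
    sameSite: 'lax',   // assumes the SPA and the API share a site
    secure: env.NODE_ENV === 'production' // HTTPS-only cookie in production
  };
  return { strategy, session };
}
```

After `dotenv` has populated `process.env`, the result would be passed as `session(cfg.session)` and `new Strategy(cfg.strategy)`.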

    Client-side

    Refer to the create-react-app example for a basic client login flow using React hooks.

    License

    Apache 2.0
