sso-oidc
0.1.0 • Public • Published

Utility to instrument Single Sign-on (SSO) for Node.js and Express.

This project illustrates the basic client/server login flow for Single Page Applications (SPA) using Single Sign-On (SSO) with OpenID Connect (OIDC).

The sso-oidc module is intended to be used with Express.js together with the cookie-session and body-parser middleware. The client implementation is framework agnostic.

Getting started

Server-side

yarn add sso-oidc body-parser cookie-session

It is recommended to read environment secrets using dotenv or a similar module.

yarn add dotenv

// server.js
import { json } from 'body-parser';
import session from 'cookie-session';
import express from 'express';
import Strategy from 'sso-oidc';
 
const app = express()
  .use(json())
  .use(
    session({
      maxAge: 1 * 60 * 1000, // 60 seconds
      name: 'sso-oidc',
      secret: '<SESSION_SECRET>'
    })
  );
 
const sso = new Strategy({
  redirectUri: '',
  redirectUriLocal: '',
  clientId: '',
  clientSecret: '',
  issuerId: '',
  tokenUrl: '',
  authUrl: '',
  introspectUrl: ''
});
 
// Returns the silent authorization url.
app.get('/authUrl', sso.getSilentAuthUrl);
 
// Checks if the current session is valid.
app.get('/check', sso.check);
 
// Authenticates user using the temporary code returned from silent authorization.
app.post('/callback', sso.token, sso.introspect, (req, res) => {
  res.send({ user_id: req.session.user_id });
});
 
// Uses a wildcard to authenticate POST requests for a common, protected route.
app.post('/api/*', sso.protect);
 
// Resets `access_token`, `user_id` but persists session.
app.post('/api/logout', sso.destroy, ({}, res) => res.send({ success: true }));
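
One way to follow the dotenv recommendation above, as an added example that is not part of the sso-oidc package: it builds the `session` and `Strategy` options from environment variables and refuses to start on missing or weak values. The environment variable names, the 32-character minimum and the extra cookie flags are assumptions; the option keys are the ones shown in server.js.

```javascript
// config.js (added example; env var names below are assumptions)
const STRATEGY_ENV = {
  redirectUri: 'SSO_REDIRECT_URI',
  redirectUriLocal: 'SSO_REDIRECT_URI_LOCAL',
  clientId: 'SSO_CLIENT_ID',
  clientSecret: 'SSO_CLIENT_SECRET',
  issuerId: 'SSO_ISSUER_ID',
  tokenUrl: 'SSO_TOKEN_URL',
  authUrl: 'SSO_AUTH_URL',
  introspectUrl: 'SSO_INTROSPECT_URL'
};
// Endpoints that carry codes, tokens or the client secret must use TLS.
const HTTPS_ONLY = ['redirectUri', 'tokenUrl', 'authUrl', 'introspectUrl'];

function loadConfig(env) {
  const problems = [];
  const strategy = {};
  for (const [option, name] of Object.entries(STRATEGY_ENV)) {
    const value = (env[name] || '').trim();
    if (!value) {
      problems.push(`${name} is not set`);
      continue;
    }
    if (HTTPS_ONLY.includes(option)) {
      let protocol = null;
      try { protocol = new URL(value).protocol; } catch (e) { /* not a URL */ }
      if (protocol !== 'https:') problems.push(`${name} must be an https:// URL`);
    }
    strategy[option] = value;
  }
  const secret = env.SESSION_SECRET || '';
  if (secret.length < 32) {
    problems.push('SESSION_SECRET must be a random value of at least 32 characters');
  }
  // Report variable names only, never their values.
  if (problems.length > 0) throw new Error(`Invalid SSO configuration: ${problems.join('; ')}`);
  // cookie-session keeps the session data in the cookie itself (signed, not
  // encrypted), so the cookie flags matter as much as the secret.
  const session = {
    name: 'sso-oidc',
    secret,
    maxAge: 1 * 60 * 1000, // 60 seconds, as in server.js
    httpOnly: true, // keep the cookie away from page scripts
    secure: env.NODE_ENV === 'production', // HTTPS only outside local development
    sameSite: 'lax' // assumes the SPA and the API are served from the same site
  };
  return { session, strategy };
}
```

After loading `.env` with dotenv, call `loadConfig(process.env)` once at startup and pass `session` to cookie-session and `strategy` to `new Strategy(...)`.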

Client-side

Refer to the create-react-app example for a basic client login flow using React hooks.

License

Apache 2.0

Collaborators

  • metonym