@solid/oidc-rs
OpenID Connect Resource Server Authentication for Node.js
Last updated 2 months ago by michielbdejong.

OpenID Connect Resource Server Authentication

Features

  • [x] OAuth 2.0 Bearer Token Usage (RFC 6750)
  • [x] JWT Access Token Validation (Specification pending)
  • [x] Issuer discovery (OpenID Connect Discovery)
  • [x] Dynamic key rotation (OpenID Connect Core)
  • [x] Multiple issuer support
  • [x] Scope validation
  • [x] Allow and deny access by "iss", "aud", and "sub" claims

Usage

Install

$ npm install @solid/oidc-rs

Require

const ResourceServer = require('@solid/oidc-rs')

ResourceServer

ResourceServer maintains an in-memory cache of provider metadata and JSON Web Keys for verifying signatures. Provider discovery and key acquisition take place when a JWT access token is decoded, so no configuration is required.

const rs = new ResourceServer()

The provider cache can be serialized and persisted, then restored like so:

// Load a previously serialized provider cache and restore the server from it
const providers = require('./providers.json')
ResourceServer.from({providers}).then(rs => { /* ... */ })

Global server authentication

const express = require('express')
const app = express()
app.use(rs.authenticate(options))

Route specific configuration

app.get('/endpoint', rs.authenticate(options), (req, res, next) => {})

Middleware Options

No configuration is required in order to start using this middleware. All options are optional.

rs.authenticate({
  realm: 'user',
  scopes: ['foo', 'bar'],
  allow: {
    issuers: ['https://forge.anvil.io'],
    audience: ['clientid1', 'clientid2'],
    subjects: ['userid1', 'userid2', 'useridn']
  },
  deny: { // probably want to use either allow or deny, but not both
    issuers: ['https://forge.anvil.io'],
    audience: ['clientid1', 'clientid2'],
    subjects: ['userid1', 'userid2', 'useridn']
  },
  handleErrors: false, // defaults to true
  tokenProperty: 'token',
  claimsProperty: 'claims'
})

  • realm – Value of the "realm" parameter to use in the WWW-Authenticate challenge header.
  • scopes – Array of scope values required to access this resource.
  • allow – Object with arrays of allowed issuers, audience and subjects.
  • deny – Object with arrays of restricted issuers, audience and subjects.
  • handleErrors – When set to false, error conditions will result in a call to next(), passing control to the application's error handling.
  • tokenProperty – Name of the property on req to which the decoded JWT object is assigned. The property will not be set unless defined.
  • claimsProperty – Name of the property on req to which the verified JWT claims are assigned. Defaults to "claims".
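
To make the option semantics concrete, the following added example (not code from @solid/oidc-rs) models how scopes, allow and deny could be evaluated against claims that have already been verified. The helper names, the deny-before-allow order, the "access_denied" error value, the 403 status for allow/deny rejections and the sample claims are assumptions of this example.

```javascript
// Added illustration: a stand-alone model of the documented options,
// not the source code of @solid/oidc-rs. All claim values are constructed.
const list = v => (v == null ? [] : [].concat(v)) // "aud" may be a string or an array
const scopeList = v => (typeof v === 'string' ? v.split(' ').filter(Boolean) : list(v))

// RFC 6750 section 3: build the WWW-Authenticate challenge value.
function challenge (realm, error, description) {
  return `Bearer realm="${realm}", error="${error}", error_description="${description}"`
}

// claims: already-verified JWT claims. options: same shape as rs.authenticate().
function checkClaims (claims, { realm = 'user', scopes = [], allow = {}, deny = {} } = {}) {
  const actual = { issuers: list(claims.iss), audience: list(claims.aud), subjects: list(claims.sub) }
  for (const [key, values] of Object.entries(actual)) {
    // Assumption of this example: deny is checked first, so a denied value
    // is rejected even if it also appears on an allow list.
    if (deny[key] && values.some(v => deny[key].includes(v))) {
      return { status: 403, header: challenge(realm, 'access_denied', `${key} value is denied`) }
    }
    // An allow list is a closed set; a token missing the claim fails closed.
    if (allow[key] && !values.some(v => allow[key].includes(v))) {
      return { status: 403, header: challenge(realm, 'access_denied', `${key} value is not allowed`) }
    }
  }
  // Every required scope must be granted (RFC 6750 "insufficient_scope").
  const granted = scopeList(claims.scope)
  const missing = scopes.filter(s => !granted.includes(s))
  if (missing.length) {
    return { status: 403, header: challenge(realm, 'insufficient_scope', `missing scope: ${missing.join(' ')}`) }
  }
  return { status: 200, header: null }
}

// Constructed sample options and claims.
const options = {
  realm: 'user',
  scopes: ['foo', 'bar'],
  allow: { issuers: ['https://forge.anvil.io'], audience: ['clientid1'] }
}
const good = { iss: 'https://forge.anvil.io', aud: ['clientid1', 'other'], sub: 'userid1', scope: 'foo bar baz' }
const foreign = { ...good, iss: 'https://idp.example' } // issuer not on the allow list
const narrow = { ...good, scope: 'foo' } // lacks the required "bar" scope

for (const c of [good, foreign, narrow]) console.log(checkClaims(c, options))
```
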

Running tests

Node.js

$ npm test

MIT License

The MIT License

Copyright (c) 2016 Anvil Research, Inc.
Copyright (c) 2017-2019 The Solid Project

Current Tags

  • 0.5.4 – latest (2 months ago)

8 Versions

  • 0.5.4 – 2 months ago
  • 0.5.3 – 2 months ago
  • 0.5.2 – 2 months ago
  • 0.5.1 – 2 months ago
  • 0.5.0 – 7 months ago
  • 0.4.0 – a year ago
  • 0.3.3 – 2 years ago
  • 0.3.2 – 2 years ago