1. Advisor
  2. openid-client
  3. functions
  4. openid-client.Strategy
View all openid-client analysis

How to use the openid-client.Strategy function in openid-client

To help you get started, we’ve selected a few openid-client examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github onelogin / onelogin-oidc-node / 5. Auth Flow - PKCE / app.js View on Github external
});

    const params = {
      client_id: process.env.OIDC_CLIENT_ID,
      redirect_uri: process.env.OIDC_REDIRECT_URI,
      scope: 'openid profile',
    }

    const passReqToCallback = false; // optional, defaults to false, when true req is passed as a first
                                     // argument to verify fn

    const usePKCE = 'S256'; // optional, defaults to false, when true the code_challenge_method will be
                          // resolved from the issuer configuration, instead of true you may provide
                          // any of the supported values directly, i.e. "S256" (recommended) or "plain"

    passport.use('oidc', new Strategy({ client, params, passReqToCallback, usePKCE }, (tokenset, userinfo, done) => {
      console.log('tokenset', tokenset);
      console.log('access_token', tokenset.access_token);
      console.log('id_token', tokenset.id_token);
      console.log('claims', tokenset.claims);
      console.log('userinfo', userinfo);

      return done(null, userinfo)
    }));
  });
github ngageoint / mage-server / authentication / login-gov.js View on Github external
]).then(function([keystore, issuer]) {
    loginGov.issuer = issuer; // allow subsequent access to issuer.end_session_endpoint (required during RP-Initiated Logout)

    client = new issuer.Client({
      client_id: strategyConfig.client_id,
      token_endpoint_auth_method: 'private_key_jwt',
      id_token_signed_response_alg: 'RS256'
    }, keystore);

    client.CLOCK_TOLERANCE = 10;

    var params = getParams();
    passport.use('oidc-loa-1', new Strategy({client: client, params: params, passReqToCallback: true}, function(req, tokenset, userinfo, done) {
      userinfo.token = tokenset.id_token; // required for RP-Initiated Logout
      userinfo.state = params.state; // required for RP-Initiated Logout

      User.getUserByAuthenticationId('login-gov', userinfo.email, function(err, user) {
        if (err) return done(err);

        var email = userinfo.email;

        if (!user) {
          // Create an account for the user
          Role.getRole('USER_ROLE', function(err, role) {
            if (err) return done(err);

            var user = {
              username: email,
              displayName: email.split("@")[0],
github keattang / eks-auth-proxy / src / oidc.js View on Github external
const getPassportStrategy = async () => {
    if (passportStrategy !== undefined) {
        return Promise.resolve(passportStrategy);
    }

    const client = await getClient();

    const params = { scope: 'openid email' };
    const usePKCE = true; // optional, defaults to false, when true the code_challenge_method will be
    // resolved from the issuer configuration, instead of true you may provide
    // any of the supported values directly, i.e. "S256" (recommended) or "plain"

    passportStrategy = new Strategy(
        { client, params, usePKCE },
        handleAuthenticationSuccess
    );

    return passportStrategy;
};
github havfo / multiparty-meeting / server / server.js View on Github external
// client_id defaults to client.client_id
	// redirect_uri defaults to client.redirect_uris[0]
	// response type defaults to client.response_types[0], then 'code'
	// scope defaults to 'openid'
	const params = auth.clientOptions;
	
	// optional, defaults to false, when true req is passed as a first
	// argument to verify fn
	const passReqToCallback = false;
	
	// optional, defaults to false, when true the code_challenge_method will be
	// resolved from the issuer configuration, instead of true you may provide
	// any of the supported values directly, i.e. "S256" (recommended) or "plain"
	const usePKCE = false;

	oidcStrategy = new Strategy(
		{ client: oidcClient, params, passReqToCallback, usePKCE },
		(tokenset, userinfo, done) =>
		{
			const user =
			{
				id        : tokenset.claims.sub,
				provider  : tokenset.claims.iss,
				_userinfo : userinfo,
				_claims   : tokenset.claims
			};

			if (userinfo.picture != null)
			{
				if (!userinfo.picture.match(/^http/g))
				{
					user.picture = `data:image/jpeg;base64, ${userinfo.picture}`;
github weseek / growi / src / server / service / passport.js View on Github external
const clientId = configManager.getConfig('crowi', 'security:passport-oidc:clientId');
    const clientSecret = configManager.getConfig('crowi', 'security:passport-oidc:clientSecret');
    const redirectUri = (configManager.getConfig('crowi', 'app:siteUrl') != null)
      ? urljoin(this.crowi.appService.getSiteUrl(), '/passport/oidc/callback')
      : configManager.getConfig('crowi', 'security:passport-oidc:callbackUrl'); // DEPRECATED: backward compatible with v3.2.3 and below
    const oidcIssuer = await OIDCIssuer.discover(issuerHost);
    debug('Discovered issuer %s %O', oidcIssuer.issuer, oidcIssuer.metadata);

    const client = new oidcIssuer.Client({
      client_id: clientId,
      client_secret: clientSecret,
      redirect_uris: [redirectUri],
      response_types: ['code'],
    });

    passport.use('oidc', new OidcStrategy({
      client,
      params: { scope: 'openid email profile' },
    },
    ((tokenset, userinfo, done) => {
      if (userinfo) {
        return done(null, userinfo);
      }

      return done(null, false);

    })));

    this.isOidcStrategySetup = true;
    debug('OidcStrategy: setup is done');
  }
github DFEAGILEDEVOPS / MTC / admin / authentication / dfe-signin-strategy.js View on Github external
.then((issuer) => {
      logger.info('dfe sign on discovered successfully')
      const client = new issuer.Client({
        client_id: config.Auth.dfeSignIn.clientId,
        client_secret: config.Auth.dfeSignIn.clientSecret
      })
      if (config.Auth.dfeSignIn.clockToleranceSeconds && config.Auth.dfeSignIn.clockToleranceSeconds > 0) {
        client.CLOCK_TOLERANCE = config.Auth.dfeSignIn.clockToleranceSeconds
      }
      const dfeStrategy = new Strategy({
        client,
        params: {
          scope: config.Auth.dfeSignIn.openIdScope
        }
      }, async (tokenset, authUserInfo, done) => {
        try {
          // authUserInfo appears to be exactly the same as what client.userinfo returns 🤷‍♂️
          // let userInfo = await client.userinfo(tokenset.access_token)
          const userInfo = await dfeSigninService.initialiseUser(authUserInfo, tokenset)
          done(null, userInfo)
        } catch (error) {
          logger.error(error)
          done(error)
        }
      })
      passport.use(authModes.dfeSignIn, dfeStrategy)
github magma / magma / nms / app / fbcnms-packages / fbcnms-auth / strategies / OrganizationOIDCStrategy.js View on Github external
async req => {
      const client = await clientFromRequest(req);
      const redirectTo = Array.isArray(req.query.to) ? '/' : req.query.to;
      // $FlowFixMe: req.get exists and is typed, this is a bug in flow
      const host = req.get('host');

      return new OidcStrategy(
        {
          client,
          path: `${config.urlPrefix}/login/oidc/callback`,
          passReqToCallback: true,
          params: {
            redirect_uri:
              `https://${host}${config.urlPrefix}/login/oidc/callback?to=` +
              encodeURIComponent(redirectTo),
          },
        },
        verify,
      );
    },
  );

openid-client

OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs

GitHub
MIT
Latest version published 2 months ago

Package Health Score

88 / 100
Full package analysis

Popular openid-client functions

Similar packages