/payload-plugin-oidc

Add OpenID Connect (OIDC) sign in to your Payload CMS


OIDC plugin for Payload CMS


Features

  • Adds the ability to sign in with your own OIDC provider
  • Adds a sign-in button to the login page
  • Supports sign-in and optional creation of the user

Installation

# Adds the plugin to your project's dependencies. Commit the updated lockfile
# so later installs resolve the same version of this authentication code.
npm install payload-plugin-oidc
# or
yarn add payload-plugin-oidc

Usage

// payload.config.ts
import { oidcPlugin } from 'payload-plugin-oidc';

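// Roles this app is willing to accept from the identity provider.
// 'admin' and 'editor' are example values; replace them with the role
// options defined on your own Users collection.
const allowedRoles: string[] = ['admin', 'editor'];

/**
 * Payload config that registers the OIDC plugin: it adds a sign-in button to
 * the login page and maps the provider's userinfo response onto a user in the
 * Users collection.
 */
export default buildConfig({
  serverURL: process.env.SERVER_URL,
  collections: [Users],
  plugins: [
    oidcPlugin({
      // Client credentials issued by the OIDC provider. Read the secret from
      // the environment and keep it out of source control.
      clientID: process.env.OIDC_CLIENT_ID,
      clientSecret: process.env.OIDC_CLIENT_SECRET,
      // Provider endpoints, all derived from OIDC_URI. If OIDC_URI is unset
      // these become "undefined/oidc/...", so validate the variable at
      // startup. It should be an https origin.
      authorizationURL: `${process.env.OIDC_URI}/oidc/auth`,
      tokenURL: `${process.env.OIDC_URI}/oidc/token`,
      initPath: `/oidc/signin`,
      callbackPath: `/oidc/callback`,
      // Must match a redirect URI registered with the provider.
      // NOTE(review): serverURL reads SERVER_URL while this reads SELF_URL;
      // confirm both point at the same origin.
      callbackURL: `${process.env.SELF_URL}/oidc/callback`,
      // Request only the scopes this integration uses. offline_access asks the
      // provider for a refresh token; drop it if nothing here needs one.
      scope: 'openid offline_access profile email custom_data',
      // Database connection string handed to the plugin. It may embed
      // credentials, so treat it as a secret.
      mongoUrl: process.env.DATABASE_URI,
      components: {
        Button: SignInButton, // can be your own custom component
        position: 'beforeLogin', // beforeLogin | afterLogin
      },
      userCollection: {
        slug: Users.slug,
        // Field used to look up an existing user for the signed-in identity.
        searchKey: 'email',
      },
      // When true, a user that is not found is created on sign-in, so anyone
      // who can authenticate at the provider can obtain an account here.
      // Enable it only if that matches who is allowed to use the app.
      registerUserIfNotFound: true,
      /**
       * Fetches the signed-in user's profile from the provider's userinfo
       * endpoint and maps it to the fields handed back to the plugin.
       *
       * @param accessToken Access token obtained from the provider; sent as a
       *   Bearer token.
       * @returns The user's sub, name, email and role. role is undefined when
       *   the provider's value is not in allowedRoles.
       */
      async userinfo(accessToken) {
        const { data: user } = await axios.get(`${process.env.OIDC_URI}/oidc/me`, {
          headers: {
            Authorization: `Bearer ${accessToken}`,
          },
        });

        // NOTE(review): with searchKey 'email' and registerUserIfNotFound
        // enabled, the email returned here appears to decide which Payload
        // user the sign-in maps to. If your provider returns the standard
        // email_verified claim, refuse unverified addresses before returning,
        // and confirm how the plugin treats a missing email.

        // The role comes from provider-side data, so accept it only when it is
        // one of the roles this app defines. Anything else yields undefined,
        // the same value as when custom_data is absent.
        const claimedRole: unknown = user.custom_data?.my_app_role;
        const role =
          typeof claimedRole === 'string' && allowedRoles.includes(claimedRole)
            ? claimedRole
            : undefined;

        return {
          sub: user.sub,
          name: user.name,
          email: user.email,
          // You can use OIDC user custom data to get the role for this app
          role,

          // or you can do something like this
          // role: user.custom_data?.role ? 'admin' : 'editor',
        };
      },
    }),
  ],
});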

Contributing

Contributions and feedback are very welcome.

To get it running:

  1. Clone the project.
  2. npm install
  3. npm run build

License

The MIT License (MIT). Please see License File for more information.