This show case covers the OpenID integration in Node.js application using IBM App Id as facade for multiple OpenID/OAuth/Identity providers.
The main steps and examples are re-used from the IBM App ID SDK for Node.js: https://github.com/ibm-cloud-security/appid-serversdk-nodejs
-
Register for IBM Cloud (for free)
-
Create a new Service
IBM App Id
-
Select the created IBM App Id Service
-
Configure Identity Provider (here using SAML)
-
Select
Manage Authentication>Identity Providers -
Select
SAML 2.0 Federation -
Download the metadata file
-
Upload this into your Identity Provider System and retrieve information
Entity ID,Sign in URLandPrimary certificate
-
-
Create
Service credentialsfor your app-
Select
Service credentials -
Click
New credentialand enter name and role -
Use the following fields to use IBM App Id:
clientId,tenantId,oauthServerUrlandsecret
-
-
Register the redirect urls
-
Select IBM App Id Service
-
Select
Manage Authentication -
Select the 2nd tab
Authentication Settings -
Add the web redirect URL. In general this is the callback URL which will used in the
redirect_uriGET parameter
-
For testing the application locally
-
export the App ID parameters as environment variables and
-
add the redirect URL
http://127.0.0.1:5000/ibm/appid/callbackin IBM App Id
$ cat run.sh #!/bin/sh export OAUTH_URL="https://...." export CLIENT_SECRET="NW....." export CLIENT_ID="12312322-aaaa-bbbb-cccc-acavavav" export TENANT_ID="12312324-dddd-eeee-ffff-23123ace222" export REDIRECT_URL="http://127.0.0.1:5000" npm start $ ./run.sh > blueprint-nodejs@1.0.0 start ../nodejs-sso > node index.js [2020-07-04T15:37:34.965] [INFO] appid-sdk - Initialized [2020-07-04T15:37:35.226] [INFO] appid-WebAppStrategy-config - clientId 12312322-aaaa-bbbb-cccc-acavavav [2020-07-04T15:37:35.227] [INFO] appid-WebAppStrategy-config - tenantId 12312324-dddd-eeee-ffff-23123ace222 [2020-07-04T15:37:35.227] [INFO] appid-WebAppStrategy-config - secret [CANNOT LOG SECRET] [2020-07-04T15:37:35.227] [INFO] appid-WebAppStrategy-config - oauthServerUrl https://.... [2020-07-04T15:37:35.227] [INFO] appid-WebAppStrategy-config - redirectUri http://127.0.0.1:5000/ibm/appid/callback Node app is running at localhost:5000 [2020-07-04T15:39:54.372] [INFO] appid-public-key-util - Public keys updated [2020-07-04T15:39:54.379] [INFO] appid-token-util - token ver: 4 [2020-07-04T15:39:54.379] [INFO] appid-token-util - token version is valid [2020-07-04T15:39:54.379] [INFO] appid-token-util - token aud: 12312322-aaaa-bbbb-cccc-acavavav [2020-07-04T15:39:54.603] [INFO] appid-token-util - token iss: https://... [2020-07-04T15:39:54.603] [INFO] appid-token-util - token ver: 4 [2020-07-04T15:39:54.603] [INFO] appid-token-util - token version is valid [2020-07-04T15:39:54.603] [INFO] appid-token-util - token aud: 12312322-aaaa-bbbb-cccc-acavavav [2020-07-04T15:39:54.603] [INFO] appid-token-util - token iss: https://.... user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:77.0) Gecko/20100101 Firefox/77.0
Test the application
-
Main page, unrestricted http://127.0.0.1:5000/
-
Page displays auth profile details http://127.0.0.1:5000/webpage.html
-
Login URL http://127.0.0.1:5000/ibm/appid/login
-
Logout URL http://127.0.0.1:5000/ibm/appid/logout
-
Accessing a remote secured backend http://127.0.0.1:5000/secure/backend
-
Published as article: https://my.center-of.info/2020/07/08/showcase-node-js-and-app-id/
-
IBM Cloud Docu - IBM App Id: https://cloud.ibm.com/docs/appid?topic=appid-getting-started
-
IBM Cloud Docu - App Id + Node.js: https://cloud.ibm.com/docs/appid?topic=appid-web-node
-
IBM App Id SDK Node.js: https://github.com/ibm-cloud-security/appid-serversdk-nodejs
This article is licensed under the Apache License, Version 2. Separate third-party code objects invoked within this code pattern are licensed by their respective providers pursuant to their own separate licenses. Contributions are subject to the Developer Certificate of Origin, Version 1.1 and the Apache License, Version 2.
See also Apache License FAQ .