Express.js middleware for OpenID Relying Party (aka OAuth 2.0 Client).
The purpose of this middleware is to give a tool to our customers to easily add authentication to their applications, the goals for this project are:
- Secure by default:
- The middleware implements the best practices to work with OpenID Connect providers.
- All routes after the middleware require authentication by default.
- Simple setup: Pain-free configuration by using OpenID Connect metadata and the best defaults.
- Standard: The library is standard enough to work with many OpenID Connect providers.
npm i express-openid-connect --save
Before installing the routes,
- a body parser middleware for urlencoded content, eg: https://www.npmjs.com/package/body-parser
- a session middleware like express-session or cookie-session.
- node v8 or higher
- express v3 or higher
Using the auth middleware:
const { auth } = require('express-openid-connect');
//insert your session and body parser middlewares here
// app.use(session());
// app.use(bodyParser());
app.use(auth())
app.use('/', (req, res) => {
res.send(`hello ${req.openid.user.name}`);
});- Every route after the
auth()requires authentication. - If a user try to access a resource without being authenticated, the application will trigger the authentication process. After completion the user is redirected back to the resource.
- The application also gets a
GET /loginandGET /logoutroute for easy linking.
This application needs the following environment variables to work:
ISSUER_BASE_URL: The url of the issuer.CLIENT_ID: The client id of the application.BASE_URL: The url of your application. For development environments you can omit this.
For more examples check the EXAMPLES document.
The auth() middleware can be customized, please check the API document.
This project is licensed under the MIT license. See the LICENSE file for more info.