• Stars
    star
    181
  • Rank 212,110 (Top 5 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created almost 12 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

OpenID Connect authentication strategy for Passport and Node.js.

passport-openidconnect

Passport strategy for authenticating with OpenID Connect.

This module lets you authenticate using OpenID Connect in your Node.js applications. By plugging into Passport, OpenID Connect-based sign in can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

❤️ Sponsors

Install

$ npm install passport-openidconnect

Usage

Configure Strategy

The OpenID Connect authentication strategy authenticates users using their account at an OpenID Provider (OP). The strategy needs to be configured with the provider's endpoints, as well as a client ID and secret that has been issued by the provider to the app. Consult the provider's documentation for the locations of these endpoints and instructions on how to register a client.

The strategy takes a verify function as an argument, which accepts issuer and profile as arguments. issuer is set to an identifier for the OP. profile contains the user's profile information stored in their account at the OP. When authenticating a user, this strategy uses the OpenID Connect protocol to obtain this information via a sequence of redirects and back-channel HTTP requests to the OP.

The verify function is responsible for determining the user to which the account at the OP belongs. In cases where the account is logging in for the first time, a new user record is typically created automatically. On subsequent logins, the existing user record will be found via its relation to the OP account.

Because the verify function is supplied by the application, the app is free to use any database of its choosing. The example below illustrates usage of a SQL database.

var OpenIDConnectStrategy = require('passport-openidconnect');

passport.use(new OpenIDConnectStrategy({
    issuer: 'https://server.example.com',
    authorizationURL: 'https://server.example.com/authorize',
    tokenURL: 'https://server.example.com/token',
    userInfoURL: 'https://server.example.com/userinfo',
    clientID: process.env['CLIENT_ID'],
    clientSecret: process.env['CLIENT_SECRET'],
    callbackURL: 'https://client.example.org/cb'
  },
  function verify(issuer, profile, cb) {
    db.get('SELECT * FROM federated_credentials WHERE provider = ? AND subject = ?', [
      issuer,
      profile.id
    ], function(err, cred) {
      if (err) { return cb(err); }
      
      if (!cred) {
        // The account at the OpenID Provider (OP) has not logged in to this app
        // before.  Create a new user account and associate it with the account
        // at the OP.
        db.run('INSERT INTO users (name) VALUES (?)', [
          profile.displayName
        ], function(err) {
          if (err) { return cb(err); }
          
          var id = this.lastID;
          db.run('INSERT INTO federated_credentials (user_id, provider, subject) VALUES (?, ?, ?)', [
            id,
            issuer,
            profile.id
          ], function(err) {
            if (err) { return cb(err); }
            var user = {
              id: id,
              name: profile.displayName
            };
            return cb(null, user);
          });
        });
      } else {
        // The account at the OpenID Provider (OP) has previously logged in to
        // the app.  Get the user account associated with the account at the OP
        // and log the user in.
        db.get('SELECT * FROM users WHERE id = ?', [ cred.user_id ], function(err, row) {
          if (err) { return cb(err); }
          if (!row) { return cb(null, false); }
          return cb(null, row);
        });
      }
    });
  }
));

Define Routes

Two routes are needed in order to allow users to log in with their account at an OP. The first route redirects the user to the OP, where they will authenticate:

app.get('/login', passport.authenticate('openidconnect'));

The second route processes the authentication response and logs the user in, when the OP redirects the user back to the app:

app.get('/cb',
  passport.authenticate('openidconnect', { failureRedirect: '/login', failureMessage: true }),
  function(req, res) {
    res.redirect('/');
  });

Examples

  • todos-express-openidconnect

    Illustrates how to use the OpenID Connect strategy within an Express application.

  • todos-express-auth0

    Illustrates how to use the OpenID Connect strategy to integrate with Auth0 in an Express application. For developers new to Passport and getting started, a tutorial is available.

License

The MIT License

Copyright (c) 2011-2022 Jared Hanson <https://www.jaredhanson.me/>

More Repositories

1

passport

Simple, unobtrusive authentication for Node.js.
JavaScript
21,911
star
2

oauth2orize

OAuth 2.0 authorization server toolkit for Node.js.
JavaScript
3,417
star
3

passport-local

Username and password authentication strategy for Passport and Node.js.
JavaScript
2,669
star
4

passport-facebook

Facebook authentication strategy for Passport and Node.js.
JavaScript
1,281
star
5

connect-flash

Flash message middleware for Connect and Express.
JavaScript
1,225
star
6

passport-http-bearer

HTTP Bearer authentication strategy for Passport and Node.js.
JavaScript
946
star
7

locomotive

Powerful MVC web framework for Node.js.
JavaScript
892
star
8

passport-google-oauth2

Google authentication strategy for Passport and Node.js.
JavaScript
808
star
9

passport-google-oauth

Google authentication strategies for Passport and Node.js.
JavaScript
753
star
10

passport-oauth2

OAuth 2.0 authentication strategy for Passport and Node.js.
JavaScript
575
star
11

electrolyte

Elegant dependency injection for Node.js.
JavaScript
563
star
12

passport-github

GitHub authentication strategy for Passport and Node.js.
JavaScript
528
star
13

passport-twitter

Twitter authentication strategy for Passport and Node.js.
JavaScript
467
star
14

connect-ensure-login

Login session ensuring middleware for Connect and Express.
JavaScript
465
star
15

passport-http

HTTP Basic and Digest authentication strategies for Passport and Node.js.
JavaScript
265
star
16

passport-remember-me

Remember Me cookie authentication strategy for Passport and Node.js
JavaScript
217
star
17

oauthorize

OAuth service provider toolkit for Node.js.
JavaScript
200
star
18

deamdify

Browserify transform that converts AMD to CommonJS.
JavaScript
198
star
19

passport-instagram

Instagram authentication strategy for Passport and Node.js.
JavaScript
172
star
20

passport-totp

TOTP authentication strategy for Passport and Node.js.
JavaScript
147
star
21

passport-google

Google (OpenID) authentication strategy for Passport and Node.js.
JavaScript
146
star
22

passport-linkedin

LinkedIn authentication strategy for Passport and Node.js.
JavaScript
141
star
23

passport-oauth

OAuth 1.0 and 2.0 authentication strategies for Passport and Node.js.
JavaScript
117
star
24

passport-strategy

An abstract class implementing Passport's strategy API.
Makefile
107
star
25

junction

Essential XMPP middleware for Node.js.
JavaScript
105
star
26

passport-openid

OpenID authentication strategy for Passport and Node.js.
JavaScript
100
star
27

passport-oauth2-client-password

OAuth 2.0 client password authentication strategy for Passport and Node.js.
JavaScript
96
star
28

kerouac

Poetic static site generator for Node.js.
JavaScript
82
star
29

utils-merge

merge() utility function
JavaScript
71
star
30

passport-http-oauth

HTTP OAuth authentication strategy for Passport and Node.js.
JavaScript
70
star
31

bootable

Easy application initialization for Node.js.
JavaScript
68
star
32

oauth2orize-openid

Extensions to support OpenID Connect with OAuth2orize.
JavaScript
62
star
33

passport-anonymous

Anonymous authentication strategy for Passport and Node.js.
Makefile
59
star
34

passport-browserid

BrowserID authentication strategy for Passport and Node.js.
JavaScript
53
star
35

passport-webauthn

WebAuthn authentication strategy for Passport.
JavaScript
45
star
36

passport-soundcloud

SoundCloud authentication strategy for Passport and Node.js.
JavaScript
38
star
37

passport-amazon

Amazon authentication strategy for Passport and Node.js.
JavaScript
37
star
38

node-parent-require

Require modules from parent modules.
JavaScript
35
star
39

passport-windowslive

Windows Live authentication strategy for Passport and Node.js.
JavaScript
34
star
40

chai-passport-strategy

Helpers for testing Passport strategies with the Chai assertion library.
JavaScript
33
star
41

passport-fitbit

Fitbit authentication strategy for Passport and Node.js.
JavaScript
32
star
42

passport-tumblr

Tumblr authentication strategy for Passport and Node.js.
JavaScript
30
star
43

passport-dropbox

Dropbox authentication strategy for Passport and Node.js.
JavaScript
29
star
44

passport-paypal-oauth

PayPal (OAuth) authentication strategy for Passport and Node.js.
JavaScript
28
star
45

passport-bitbucket

Bitbucket authentication strategy for Passport and Node.js.
JavaScript
26
star
46

passport-oauth1

OAuth 1.0 authentication strategy for Passport and Node.js.
JavaScript
23
star
47

passport-foursquare

Foursquare authentication strategy for Passport and Node.js.
JavaScript
22
star
48

node-notifications

A mechanism for dispatching notifications within a Node.js program.
JavaScript
22
star
49

passport-goodreads

Goodreads authentication strategy for Passport and Node.js.
JavaScript
21
star
50

passport-yahoo-oauth

Yahoo! (OAuth) authentication strategy for Passport and Node.js.
JavaScript
19
star
51

passport-persona

Mozilla Persona authentication strategy for Passport and Node.js.
JavaScript
19
star
52

locomotive-mongoose

Mongoose datastore adapter for Locomotive.
JavaScript
18
star
53

passport-runkeeper

RunKeeper authentication strategy for Passport and Node.js.
JavaScript
18
star
54

node-jsonsp

JSON stream parser for Node.js.
JavaScript
17
star
55

node-jsonrpc-tcp

JSON-RPC over TCP for Node.js.
JavaScript
16
star
56

passport-intuit-oauth

Intuit (OAuth) authentication strategy for Passport and Node.js.
JavaScript
15
star
57

passport-evernote

Evernote authentication strategy for Passport and Node.js.
JavaScript
15
star
58

passport-ethereum

Ethereum authentication strategy for Passport.
JavaScript
15
star
59

passport-meetup

Meetup authentication strategy for Passport and Node.js.
JavaScript
15
star
60

passport-google-openidconnect

Google authentication strategy for Passport and Node.js.
JavaScript
14
star
61

crane

Diligent work queue for Node.js.
JavaScript
13
star
62

rivet

Efficient build tool utilizing JavaScript and Node.js.
JavaScript
13
star
63

connect-powered-by

X-Powered-By header middleware for Connect.
JavaScript
11
star
64

passport-yammer

Yammer authentication strategy for Passport and Node.js.
JavaScript
11
star
65

passport-hotp

HOTP authentication strategy for Passport and Node.js.
JavaScript
11
star
66

passport-paypal

PayPal (OpenID) authentication strategy for Passport and Node.js.
JavaScript
10
star
67

passport-intuit

Intuit (OpenID) authentication strategy for Passport and Node.js.
JavaScript
10
star
68

js-sasl

SASL mechanism factory.
JavaScript
10
star
69

node-tokens

Encode and decode security tokens.
JavaScript
9
star
70

draft-oauth-mfa

9
star
71

passport-openstreetmap

OpenStreetMap authentication strategy for Passport and Node.js.
JavaScript
9
star
72

node-servicelocator

Central location to register and locate services within a Node.js application.
JavaScript
9
star
73

passport-dwolla

Dwolla authentication strategy for Passport and Node.js.
JavaScript
9
star
74

todos-fastify-sqlite

Todo app built with Node.js, Fastify, and SQLite.
CSS
9
star
75

passport-angellist

AngelList authentication strategy for Passport and Node.js.
JavaScript
8
star
76

make-node

Useful makefiles for developing Node.js packages.
Makefile
8
star
77

chai-connect-middleware

Helpers for testing Connect middleware with the Chai assertion library.
JavaScript
8
star
78

todos-express-sqlite

Todo app built with Node.js, Express, and SQLite.
CSS
7
star
79

passport-familysearch

FamilySearch authentication strategy for Passport and Node.js.
JavaScript
7
star
80

oauth2orize-mfa

Multi-Factor Authentication exchanges for OAuth2orize.
JavaScript
6
star
81

flowstate

Per-request state management middleware.
JavaScript
6
star
82

suitcss-utils-space

Utility classes for low-level CSS spacing traits
CSS
6
star
83

passport-fido-u2f

FIDO U2F authentication strategy for Passport and Node.js.
JavaScript
6
star
84

passport-rdio

Rdio authentication strategy for Passport and Node.js.
JavaScript
6
star
85

passport-37signals

37signals authentication strategy for Passport and Node.js.
JavaScript
6
star
86

oauth2orize-pkce

Extensions to support Proof Key for Code Exchange with OAuth2orize.
JavaScript
6
star
87

node-ffi-ipmi

wrapping various ipmi related tools and libs for node via node-ffi @ https://github.com/rbranson/node-ffi.git
C
6
star
88

node-functionpool

Provides a pool of functions that can be used to execute tasks in Node.js.
JavaScript
5
star
89

connect-lrdd

Link-based Resource Descriptor Document (LRDD) middleware for Connect.
JavaScript
5
star
90

dotfiles

$HOME
Shell
5
star
91

passport-vimeo

Vimeo authentication strategy for Passport and Node.js.
JavaScript
5
star
92

amd-resolve

A hookable AMD module resolution implementation.
JavaScript
5
star
93

passport-ssl-certificate

SSL certificate authentication strategy for Passport and Node.js.
JavaScript
5
star
94

node-nks-fs

Secure key services.
JavaScript
5
star
95

marked-engine

Express-compatible Markdown rendering powered by marked.
JavaScript
5
star
96

chai-oauth2orize-grant

Helpers for testing OAuth2orize grants with the Chai assertion library.
JavaScript
5
star
97

oauth2orize-device-code

Extensions to support device flow with OAuth2orize.
JavaScript
5
star
98

oauth2orize-redelegate

Token redelegation and chaining exchange for OAuth2orize.
JavaScript
5
star
99

passport-web3

Web3 authentication strategy for Passport.
JavaScript
5
star
100

pocket

A simple, small, file system-based data store for Node.js.
JavaScript
4
star