express-openid-connect

An Express.js middleware to protect OpenID Connect web applications.


Maintainers: 1
Note: use at your own risk; this project is in its early stages and the API is changing a lot.

Express.js middleware for OpenID Relying Party (aka OAuth 2.0 Client).

The purpose of this middleware is to give our customers a tool to easily add authentication to their applications. The goals for this project are:

  1. Secure by default:
  • The middleware implements the best practices to work with OpenID Connect providers.
  • All routes after the middleware require authentication by default.
  2. Simple setup: Pain-free configuration by using OpenID Connect metadata and the best defaults.
  3. Standard: The library is standard enough to work with many OpenID Connect providers.

Install

npm i express-openid-connect --save

Requirements

Before installing the routes,

Usage

Using the auth middleware:

const express = require('express');
const { auth } = require('express-openid-connect');

const app = express();

// Insert your session and body parser middlewares here, before auth():
// app.use(session());
// app.use(bodyParser());

// Every route registered after this line requires authentication.
app.use(auth());

app.use('/', (req, res) => {
  // req.openid is set by auth() for authenticated requests.
  res.send(`hello ${req.openid.user.name}`);
});

  • Every route after the auth() requires authentication.
  • If a user tries to access a resource without being authenticated, the application will trigger the authentication process. After completion the user is redirected back to the resource.
  • The application also gets a GET /login and GET /logout route for easy linking.

This application needs the following environment variables to work:

  • ISSUER_BASE_URL: The URL of the issuer.
  • CLIENT_ID: The client ID of the application.
  • BASE_URL: The URL of your application. For development environments you can omit this.
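
A startup check for the three environment variables above, as an added example that is not part of express-openid-connect or its README. `checkOidcEnv` and `parseUrl` are hypothetical names; the https-and-no-query rule for the issuer follows OpenID Connect Discovery, while requiring an https `BASE_URL` outside development is an assumption of this example.

```javascript
// Hypothetical preflight helper; not part of express-openid-connect.
function parseUrl(value) {
  try {
    return new URL(value);
  } catch (err) {
    return null;
  }
}

function checkOidcEnv(env, nodeEnv = 'production') {
  const errors = [];
  let discoveryUrl = null;

  // OpenID Connect Discovery requires an https issuer with no query or fragment.
  const issuer = parseUrl(env.ISSUER_BASE_URL || '');
  if (!issuer) {
    errors.push('ISSUER_BASE_URL is missing or not a URL');
  } else if (issuer.protocol !== 'https:') {
    errors.push('ISSUER_BASE_URL must use https');
  } else if (issuer.search || issuer.hash) {
    errors.push('ISSUER_BASE_URL must not carry a query or fragment');
  } else {
    // Metadata document the provider publishes for relying parties.
    discoveryUrl = `${issuer.href.replace(/\/+$/, '')}/.well-known/openid-configuration`;
  }

  if (!env.CLIENT_ID || !env.CLIENT_ID.trim()) {
    errors.push('CLIENT_ID is missing');
  }

  // BASE_URL may be omitted in development only. Assumption of this example:
  // everywhere else it must be an https URL.
  const baseUrl = env.BASE_URL ? parseUrl(env.BASE_URL) : null;
  if (env.BASE_URL && !baseUrl) {
    errors.push('BASE_URL is not a URL');
  } else if (nodeEnv !== 'development' && !baseUrl) {
    errors.push('BASE_URL is required outside development');
  } else if (nodeEnv !== 'development' && baseUrl.protocol !== 'https:') {
    errors.push('BASE_URL must use https outside development');
  }

  return { ok: errors.length === 0, errors, discoveryUrl };
}

// Constructed sample values (example.com placeholders).
const sample = { ISSUER_BASE_URL: 'https://idp.example.com/', CLIENT_ID: 'abc123' };
console.log(checkOidcEnv(sample, 'development'));
console.log(checkOidcEnv(sample, 'production'));
```

Calling it with `process.env` and `process.env.NODE_ENV` before `app.use(auth())` and exiting on any error keeps a misconfigured deployment from starting.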

For more examples check the EXAMPLES document.

The auth() middleware can be customized; see the API document.

License

This project is licensed under the MIT license. See the LICENSE file for more info.

Package last updated on 10 Dec 2018
