This library is currently in Beta status and has not had a complete security review. We do not recommend using this library in production yet. As we move towards general availability, please be aware that releases may contain breaking changes. We will be monitoring the Issues queue here for feedback and questions. PRs and comments on existing PRs are welcome!

Documentation

Our Express Quickstart is the quickest way to get up and running from scratch.
Use the Examples for common configurations for use cases beyond the basics.
The API documentation details all configuration options, methods, and data that this library provides.
You can run the sample application to see how this SDK functions without writing your own integration.

Installation

This library is installed with npm:

npm i express-openid-connect --save

Getting Started

Follow our Secure Local Development guide to ensure that applications using this library are running over secure channels (HTTPS URLs). Applications using this library without HTTPS may experience "invalid state" errors.

The library needs the following required configuration keys to request and accept authentication. These can be configured in a .env file in the root of your application:

# .env

ISSUER_BASE_URL=https://YOUR_DOMAIN
CLIENT_ID=YOUR_CLIENT_ID
BASE_URL=https://YOUR_APPLICATION_ROOT_URL
APP_SESSION_SECRET=LONG_RANDOM_VALUE

... or in the library initialization:

// index.js

const { auth } = require("express-openid-connect");
app.use(
  auth({
    issuerBaseURL: "https://YOUR_DOMAIN",
    baseURL: "https://YOUR_APPLICATION_ROOT_URL",
    clientID: "YOUR_CLIENT_ID",
    appSession: {
      secret: "LONG_RANDOM_STRING"
    }
  })
);

With this basic configuration, your application will require authentication for all routes and store the user identity in an encrypted and signed cookie.

See the examples for route-specific authentication, custom application session handling, requesting and using access tokens for external APIs, and more.

See the API documentation for additional configuration possibilities and provided methods.

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

Contributions can be made to this library through PRs to fix issues, improve documentation or add features. Please fork this repo, create a well-named branch, and submit a PR with a complete template filled out.

Code changes in PRs should be accompanied by tests covering the changed or added functionality. Tests can be run for this library with:

npm install
npm test

When you're ready to push your changes, please run the lint command first:

npm run lint

Support + Feedback

Please use the Issues queue in this repo for questions and feedback.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

What is Auth0?

Auth0 helps you to easily:

implement authentication with multiple identity providers, including social (e.g., Google, Facebook, Microsoft, LinkedIn, GitHub, Twitter, etc), or enterprise (e.g., Windows Azure AD, Google Apps, Active Directory, ADFS, SAML, etc.)
log in users with username/password databases, passwordless, or multi-factor authentication
link multiple user accounts together
generate signed JSON Web Tokens to authorize your API calls and flow the user identity securely
access demographics and analytics detailing how, when, and where users are logging in
enrich user profiles from other data sources using customizable JavaScript rules

Why Auth0?

License

This project is licensed under the MIT license. See the LICENSE file for more info.

FAQs

What is express-openid-connect?

Is express-openid-connect popular?

Is express-openid-connect well maintained?

Package last updated on 27 Feb 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

express-openid-connect