Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
oidc-client
Advanced tools
The oidc-client npm package is a JavaScript library designed to handle OpenID Connect (OIDC) and OAuth2 protocols. It provides functionalities for user authentication, token management, and session handling in client-side applications.
User Authentication
This feature allows you to authenticate users via OIDC. The code sample demonstrates how to configure the UserManager with the necessary parameters and initiate a sign-in redirect.
const oidc = new Oidc.UserManager({
authority: 'https://example.com',
client_id: 'client_id',
redirect_uri: 'https://app.com/callback',
response_type: 'id_token token',
scope: 'openid profile api1'
});
oidc.signinRedirect();
Token Management
This feature handles token management, including retrieving the current user's tokens. The code sample shows how to get the current user and check if they are logged in.
oidc.getUser().then(function(user) {
if (user) {
console.log('User logged in', user);
} else {
console.log('User not logged in');
}
});
Session Handling
This feature manages user sessions, including handling events when a user is loaded or unloaded. The code sample demonstrates how to add event listeners for user session events.
oidc.events.addUserLoaded(function(user) {
console.log('User loaded', user);
});
oidc.events.addUserUnloaded(function() {
console.log('User logged out');
});
Passport is a popular authentication middleware for Node.js. It supports various authentication strategies, including OIDC and OAuth2. Unlike oidc-client, which is client-side focused, Passport is designed for server-side authentication.
Auth0.js is a client-side library for integrating with Auth0's authentication and authorization services. It provides similar functionalities to oidc-client, such as user authentication and token management, but is specifically tailored for use with Auth0.
OpenID Client is a server-side library for Node.js that implements the OpenID Connect and OAuth2 protocols. It offers comprehensive support for these protocols, similar to oidc-client, but is intended for server-side applications.
Library to provide OpenID Connect (OIDC) and OAuth2 protocol support for client-side, browser-based JavaScript client applications. Also included is support for user session and access token management.
Node.js v4.4 or later required.
npm install oidc-client --save
NOTE: if you're not already using babel-polyfill make sure you run
npm install --save babel-polyfill
as well. Then include it in your build.
If you don't use a package manager or a module loader, then you can get the library from the dist
folder on github here.
If you intend to use this library directly in a browser and are not using UMD/AMD then there is a compiled version in the ~/dist folder. It is already bundled/minified and contains the necessary dependencies and polyfills (mainly for ES6 features such as Promises).
If you are using UMD/AMD and/or you already have included an ES6 polyfill (such as babel-polyfill.js) then you can include the UMD packaged version of the file from the ~/lib folder.
git clone https://github.com/IdentityModel/oidc-client-js.git
cd oidc-client-js
npm install
npm run build
npm start
and then browse to http://localhost:5000.
npm test
Some initial docs are here.
All are welcome on the issue tracker.
FAQs
OpenID Connect (OIDC) & OAuth2 client library
The npm package oidc-client receives a total of 90,366 weekly downloads. As such, oidc-client popularity was classified as popular.
We found that oidc-client demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.