Security News
ESLint is Now Language-Agnostic: Linting JSON, Markdown, and Beyond
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
oidc-client
Advanced tools
The oidc-client npm package is a JavaScript library designed to handle OpenID Connect (OIDC) and OAuth2 protocols. It provides functionalities for user authentication, token management, and session handling in client-side applications.
User Authentication
This feature allows you to authenticate users via OIDC. The code sample demonstrates how to configure the UserManager with the necessary parameters and initiate a sign-in redirect.
const oidc = new Oidc.UserManager({
authority: 'https://example.com',
client_id: 'client_id',
redirect_uri: 'https://app.com/callback',
response_type: 'id_token token',
scope: 'openid profile api1'
});
oidc.signinRedirect();
Token Management
This feature handles token management, including retrieving the current user's tokens. The code sample shows how to get the current user and check if they are logged in.
oidc.getUser().then(function(user) {
if (user) {
console.log('User logged in', user);
} else {
console.log('User not logged in');
}
});
Session Handling
This feature manages user sessions, including handling events when a user is loaded or unloaded. The code sample demonstrates how to add event listeners for user session events.
oidc.events.addUserLoaded(function(user) {
console.log('User loaded', user);
});
oidc.events.addUserUnloaded(function() {
console.log('User logged out');
});
Passport is a popular authentication middleware for Node.js. It supports various authentication strategies, including OIDC and OAuth2. Unlike oidc-client, which is client-side focused, Passport is designed for server-side authentication.
Auth0.js is a client-side library for integrating with Auth0's authentication and authorization services. It provides similar functionalities to oidc-client, such as user authentication and token management, but is specifically tailored for use with Auth0.
OpenID Client is a server-side library for Node.js that implements the OpenID Connect and OAuth2 protocols. It offers comprehensive support for these protocols, similar to oidc-client, but is intended for server-side applications.
Library to provide OpenID Connect (OIDC) and OAuth2 protocol support for client-side, browser-based JavaScript client applications. Also included is support for user session and access token management.
Node.js v4.4 or later required.
npm install oidc-client --save
NOTE: if you're not already using babel-polyfill make sure you run
npm install --save babel-polyfill
as well. Then include it in your build.
If you don't use a package manager or a module loader, then you can get the library from the dist
folder on github here.
If you intend to use this library directly in a browser and are not using UMD/AMD then there is a compiled version in the ~/dist folder. It is already bundled/minified and contains the necessary dependencies and polyfills (mainly for ES6 features such as Promises).
If you are using UMD/AMD and/or you already have included an ES6 polyfill (such as babel-polyfill.js) then you can include the UMD packaged version of the file from the ~/lib folder.
git clone https://github.com/IdentityModel/oidc-client-js.git
cd oidc-client-js
npm install
npm run build
npm start
and then browse to http://localhost:5000.
npm test
Some initial docs are here.
All are welcome on the issue tracker.
FAQs
OpenID Connect (OIDC) & OAuth2 client library
We found that oidc-client demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.