New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

oidp

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

oidp

A modular, extensible Open Identity Provider implementation designed for modern web and mobile applications. OIDP aims to make deploying secure, standards-compliant authentication and authorization infrastructure simple, pluggable, and transparent.

latest
Source
npmnpm
Version
0.0.1
Version published
Maintainers
1
Created
Source

Open Identity Provider (OIDP)

A modular, extensible Open Identity Provider implementation designed for modern web and mobile applications. OIDP aims to make deploying secure, standards-compliant authentication and authorization infrastructure simple, pluggable, and transparent.

Vision

  • Provide a lightweight, production-ready identity provider that implements OpenID Connect (OIDC) and OAuth 2.0 core flows.
  • Be highly extensible: easily swap storage, cryptography, and user management components.
  • Prioritize security, observability, and developer experience.
  • Offer first-class integration points for enterprise features (SSO, MFA, SCIM, and federation).

Key Features

  • Standards-compliant: OpenID Connect (Core) and OAuth 2.0 support.
  • Modular architecture: Pluggable adapters for storage, token signing, and identity sources.
  • Extensible authentication: Password, OAuth federation, social logins, and custom authenticators.
  • Secure by default: Strong defaults for token lifetimes, rotation, and key management.
  • Developer-friendly API: Simple SDK + REST admin API for client and user management.
  • Observability: Metrics and structured logs hooks for integrations with tracing and monitoring.
  • Enterprise features roadmap: MFA, SCIM provisioning, identity federation, and RBAC.

Quick Start

Install (npm):

npm install --save oidp

Basic usage (conceptual):

const OIDP = require('oidp');

const server = new OIDP({
  adapter: require('./adapters/sqlite-adapter'),
  issuer: 'https://auth.example.com',
  keys: require('./keys')
});

server.listen(3000);
console.log('OIDP running at http://localhost:3000');

This repo focuses on the package scaffold, docs, and architecture. Implementation examples and adapters live in the src/ directory (or will be added in follow-up releases).

Standards & Interop

  • OpenID Connect Core
  • OAuth 2.0 Authorization Framework
  • JSON Web Tokens (JWT)
  • PKCE for native/mobile clients

Security Considerations

  • Use a secure key management system (KMS) in production for signing keys.
  • Use HTTPS and ensure correct redirect URI validation for clients.
  • Rotate signing keys and adopt short-lived tokens with refresh strategies.

Contributing

We welcome contributions. Please open issues for feature requests or bugs and follow the contribution guidelines.

  • Fork the repo and create a feature branch
  • Add tests and documentation for new features
  • Open a PR and request reviews

Next Steps / Roadmap

License

MIT

Keywords

oidp
openid
identity
authentication
opic
oauth2

FAQs

Package last updated on 26 Jan 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026