This is a fully functional OAuth 2 server implementation, with support for OpenID Connect specification. Based on https://github.com/ammmir/node-oauth2-provider.
Major rewrite. Now we use modelling for Model part.
Install via npm:
npm install openid-connect
You can add it to your Connect or Express application as another middleware.
Be sure to enable the bodyParser
and query
middleware.
To use it inside your project, just do:
var oidc = require('openid-connect').oidc(options);
and then, for example, with express
app.get('/authorization', oidc.auth());
When you require openid-connect, you may specify options. If you specify them, it must be with a json object with the following properties (all of them are optional):
-
login_url
URL where login form can be found. Defaults to "/login".
-
consent_url
URL where consent form can be found. Defaults to "/consent".
-
scopes
Json object of type { scope name: scope description, ... } used to define custom scopes.
-
models
Models as described in modelling.
Actually OpenIDConnect defines 6 models:
- user: Where user data is stored (email, password, etc).
- client: Where user can register a client app that will use your project for authentication/authorization.
- consent: Where user consent of certain scopes for a particular client is stored.
- auth: Where authorization data is stored (token, expiration date, etc).
- access: Where access data is stored (token, expiration date, etc).
- refresh: Where refresh data is stored (token, expiration date, etc).
You can overwrite any part of any model of OpenIDConnect, or overwrite all of them.
If you overwrite user model, the new model should conform with OpenID Connect Standard Claims, in order to comply with the spec.
-
adapters
Adapters as described in modelling.
-
connections
Connections as described in modelling.
-
policies
Policies as described in modelling.
-
alien
You can use your own Waterline collections with OpenIDConnect.
If you define an alien collection with the same name of one of the models in OpenIDConnect, the last one will be replaced.
For example:
var orm = new Waterline(); var MyUserModel = Waterline.collection.extend({ identity: 'user', //Collection definition here. }); var MyUsersCarModel = Waterline.collection.extend({ identity: 'car', //Collection definition here. }); var config = { collections: { user: MyUserModel, //replace OpenIDConnect user model. car: MyUsersCarModel //add new model } } orm.initialize(config, function(err, result) { var options = { alien: result.collections } var oidc = require('openid-connect').oidc(options); app.get('/cars', oidc.use(['user', 'car']), function(req, res, next) { ... }); });
Beware that if you replace an OpenIDConnect model, you won't be able to use populate with other OpenIDConnect models.
If you replace user model, the new model should conform with OpenID Connect Standard Claims, in order to comply with the spec.
-
orm
You can replace the whole OpenIDConnect modelling instance with your own.
Beware that you must implement at least all models and exept for
user
model, all attributes.If in your models, you set
autoPK
to false, they must have anid
attribute that is primary key.Notice that you can get OpenIDConnect's default models with
require('openid-connect').defaults().models
.var orm = new modelling(options); var oidc = require('openid-connect').oidc({orm: orm});
-
auth()
returns a function to be placed as middleware in connect/express routing methods. For example:
app.get('/authorization', oidc.auth());
This is the authorization endpoint, as described in http://tools.ietf.org/html/rfc6749#section-3.1
-
consent()
returns a function to be placed as middleware in connect/express routing methods. For example:
app.post('/consent', oidc.consent());
This method saves the consent of the resource owner to a client request, or returns an access_denied error.
-
token()
returns a function to be placed as middleware in connect/express routing methods. For example:
app.get('/token', oidc.token());
This is the token endpoint, as described in http://tools.ietf.org/html/rfc6749#section-3.2
-
check(scope, ...)
returns a function to be placed as middleware in connect/express routing methods. For example:
app.get('/api/user', oidc.check('openid', /profile|email/), function(req, res, next) { ... });
If no arguments are given, checks if user is logged in.
Arguments may be of type string or regexp.
This function is used to check if user logged in, if an access_token is present, and if certain scopes where granted to it.
-
removetokens()
returns a function to be placed as middleware in connect/express routing methods. For example:
app.get('/logout', oidc.removetokens(), function(req, res, next) { ... });
This function removes all tokens that were issued to the user.
access_token is required either as a parameter or as a Bearer token.
-
userInfo()
returns a function to be placed as middleware in connect/express routing methods. For example:
app.get('/api/user', oidc.userInfo());
This function returns the user info in a json object. Checks for scope and login are included.
-
use([name])
Same description as in modelling. If you defined alien models or your own orm you can call those models as well.
-
getOrm()
Retrieves current orm of instance.
There is a complete example here.
Any suggestions, bug reports, bug fixes, pull requests, etc, are very wellcome (here).
Thanks for reading!.