How to use the openid-client.Strategy function in openid-client
To help you get started, we’ve selected a few openid-client examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
onelogin / onelogin-oidc-node / 5. Auth Flow - PKCE / app.js View on Github 
});
const params = {
client_id: process.env.OIDC_CLIENT_ID,
redirect_uri: process.env.OIDC_REDIRECT_URI,
scope: 'openid profile',
}
const passReqToCallback = false; // optional, defaults to false, when true req is passed as a first
// argument to verify fn
const usePKCE = 'S256'; // optional, defaults to false, when true the code_challenge_method will be
// resolved from the issuer configuration, instead of true you may provide
// any of the supported values directly, i.e. "S256" (recommended) or "plain"
passport.use('oidc', new Strategy({ client, params, passReqToCallback, usePKCE }, (tokenset, userinfo, done) => {
console.log('tokenset', tokenset);
console.log('access_token', tokenset.access_token);
console.log('id_token', tokenset.id_token);
console.log('claims', tokenset.claims);
console.log('userinfo', userinfo);
return done(null, userinfo)
}));
});]).then(function([keystore, issuer]) {
loginGov.issuer = issuer; // allow subsequent access to issuer.end_session_endpoint (required during RP-Initiated Logout)
client = new issuer.Client({
client_id: strategyConfig.client_id,
token_endpoint_auth_method: 'private_key_jwt',
id_token_signed_response_alg: 'RS256'
}, keystore);
client.CLOCK_TOLERANCE = 10;
var params = getParams();
passport.use('oidc-loa-1', new Strategy({client: client, params: params, passReqToCallback: true}, function(req, tokenset, userinfo, done) {
userinfo.token = tokenset.id_token; // required for RP-Initiated Logout
userinfo.state = params.state; // required for RP-Initiated Logout
User.getUserByAuthenticationId('login-gov', userinfo.email, function(err, user) {
if (err) return done(err);
var email = userinfo.email;
if (!user) {
// Create an account for the user
Role.getRole('USER_ROLE', function(err, role) {
if (err) return done(err);
var user = {
username: email,
displayName: email.split("@")[0],const getPassportStrategy = async () => {
if (passportStrategy !== undefined) {
return Promise.resolve(passportStrategy);
}
const client = await getClient();
const params = { scope: 'openid email' };
const usePKCE = true; // optional, defaults to false, when true the code_challenge_method will be
// resolved from the issuer configuration, instead of true you may provide
// any of the supported values directly, i.e. "S256" (recommended) or "plain"
passportStrategy = new Strategy(
{ client, params, usePKCE },
handleAuthenticationSuccess
);
return passportStrategy;
};// client_id defaults to client.client_id
// redirect_uri defaults to client.redirect_uris[0]
// response type defaults to client.response_types[0], then 'code'
// scope defaults to 'openid'
const params = auth.clientOptions;
// optional, defaults to false, when true req is passed as a first
// argument to verify fn
const passReqToCallback = false;
// optional, defaults to false, when true the code_challenge_method will be
// resolved from the issuer configuration, instead of true you may provide
// any of the supported values directly, i.e. "S256" (recommended) or "plain"
const usePKCE = false;
oidcStrategy = new Strategy(
{ client: oidcClient, params, passReqToCallback, usePKCE },
(tokenset, userinfo, done) =>
{
const user =
{
id : tokenset.claims.sub,
provider : tokenset.claims.iss,
_userinfo : userinfo,
_claims : tokenset.claims
};
if (userinfo.picture != null)
{
if (!userinfo.picture.match(/^http/g))
{
user.picture = `data:image/jpeg;base64, ${userinfo.picture}`;const clientId = configManager.getConfig('crowi', 'security:passport-oidc:clientId');
const clientSecret = configManager.getConfig('crowi', 'security:passport-oidc:clientSecret');
const redirectUri = (configManager.getConfig('crowi', 'app:siteUrl') != null)
? urljoin(this.crowi.appService.getSiteUrl(), '/passport/oidc/callback')
: configManager.getConfig('crowi', 'security:passport-oidc:callbackUrl'); // DEPRECATED: backward compatible with v3.2.3 and below
const oidcIssuer = await OIDCIssuer.discover(issuerHost);
debug('Discovered issuer %s %O', oidcIssuer.issuer, oidcIssuer.metadata);
const client = new oidcIssuer.Client({
client_id: clientId,
client_secret: clientSecret,
redirect_uris: [redirectUri],
response_types: ['code'],
});
passport.use('oidc', new OidcStrategy({
client,
params: { scope: 'openid email profile' },
},
((tokenset, userinfo, done) => {
if (userinfo) {
return done(null, userinfo);
}
return done(null, false);
})));
this.isOidcStrategySetup = true;
debug('OidcStrategy: setup is done');
}.then((issuer) => {
logger.info('dfe sign on discovered successfully')
const client = new issuer.Client({
client_id: config.Auth.dfeSignIn.clientId,
client_secret: config.Auth.dfeSignIn.clientSecret
})
if (config.Auth.dfeSignIn.clockToleranceSeconds && config.Auth.dfeSignIn.clockToleranceSeconds > 0) {
client.CLOCK_TOLERANCE = config.Auth.dfeSignIn.clockToleranceSeconds
}
const dfeStrategy = new Strategy({
client,
params: {
scope: config.Auth.dfeSignIn.openIdScope
}
}, async (tokenset, authUserInfo, done) => {
try {
// authUserInfo appears to be exactly the same as what client.userinfo returns 🤷♂️
// let userInfo = await client.userinfo(tokenset.access_token)
const userInfo = await dfeSigninService.initialiseUser(authUserInfo, tokenset)
done(null, userInfo)
} catch (error) {
logger.error(error)
done(error)
}
})
passport.use(authModes.dfeSignIn, dfeStrategy)async req => {
const client = await clientFromRequest(req);
const redirectTo = Array.isArray(req.query.to) ? '/' : req.query.to;
// $FlowFixMe: req.get exists and is typed, this is a bug in flow
const host = req.get('host');
return new OidcStrategy(
{
client,
path: `${config.urlPrefix}/login/oidc/callback`,
passReqToCallback: true,
params: {
redirect_uri:
`https://${host}${config.urlPrefix}/login/oidc/callback?to=` +
encodeURIComponent(redirectTo),
},
},
verify,
);
},
);openid-client
OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
Package Health Score
91 / 100Popular openid-client functions
- openid-client.custom.clock_tolerance
- openid-client.custom.http_options
- openid-client.custom.setHttpOptionsDefaults
- openid-client.generators.codeChallenge
- openid-client.generators.codeVerifier
- openid-client.Issuer
- openid-client.Issuer.defaultHttpOptions
- openid-client.Issuer.discover
- openid-client.Issuer.useRequest
- openid-client.Strategy
- openid-client.TokenSet