- OIDC
  Setup OIDC with express
  - login(req, res, next) ⇒ Promise.<Middleware>
  - silentLogin(req, res, next) ⇒ Promise.<Middleware>
  - logout(req, res) ⇒ Promise.<Middleware>
  - requireRole(roles) ⇒ Middleware
OIDC
Setup OIDC with express
Kind: global variable
Api: public

| Param | Type | Description |
|---|---|---|
| expressApp | Object | The express app instance |
| passport | Object | The passport instance |
| config | Object | Configuration object |
| config.configurationUrl | string | URL to the OpenID Connect server's discovery document. Example: https://myOpenIDServer.com/adfs/.well-known/openid-configuration |
| config.clientId | string | This app's client ID |
| config.clientSecret | string | This app's client secret |
| config.tokenSecret | string | This app's token secret, used for encrypting the token for session storage |
| config.callbackLoginUrl | string | This app's full URL to the callback function for standard login. Example: http://localhost:3000/node/auth/login/callback |
| config.callbackLoginRoute | string | The callback route used for setting up the express route. Same as config.callbackLoginUrl without the host. Example: /node/auth/login/callback |
| [config.callbackSilentLoginUrl] | string | Optional. This app's full URL to the callback function for silent login. Example: http://localhost:3000/node/auth/silent/callback |
| [config.callbackSilentLoginRoute] | string | Optional. The silent callback route used for setting up the express route. Same as config.callbackSilentLoginUrl without the host. Example: /node/auth/silent/callback |
| [config.callbackLogoutUrl] | string | Optional. This app's full URL to the callback function for logout. Example: http://localhost:3000/node/auth/logout/callback |
| [config.callbackLogoutRoute] | string | Optional. The logout callback route used for setting up the express route. Same as config.callbackLogoutUrl without the host. Example: /node/auth/logout/callback |
| config.defaultRedirect | string | Fallback if no next URL is supplied to login or on logout |
| [config.extendUser] | function | Optional. Function which lets you add custom properties to the user object. The supplied function may be async. Example: `(user, claims) => { user.isAwesome = true }` or `async (user, claims) => { /* do an API call */ }` |
| [config.log] | Object | Optional. Logger object which should have logging functions. Used for logging in this module. Example: `logger.error('Error message')` |
| [config.setIsOwner] | boolean | Optional flag, false by default. When used with requireRole, the user object includes an isOwner attribute which is set to true only if req.parameter contains the same username as the logged-in user. |
login(req, res, next) ⇒ Promise.<Middleware>
Kind: global function
Summary: Check if the user is authenticated, or else redirect to the OpenID Connect server for authentication
Returns: Promise.<Middleware> - A promise which resolves to a middleware which ensures a logged-in user

| Param | Type | Description |
|---|---|---|
| req | Object | Express request object |
| res | Object | Express response object |
| next | function | Express next middleware function |

Example: `oidc.login`
silentLogin(req, res, next) ⇒ Promise.<Middleware>
Kind: global function
Summary: Check if the user is anonymous or authenticated, known as a "silent login"
Returns: Promise.<Middleware> - A promise which resolves to a middleware which ensures a silently authenticated user

| Param | Type | Description |
|---|---|---|
| req | Object | Express request object |
| res | Object | Express response object |
| next | function | Express next middleware function |

Example: `oidc.silentLogin`
logout(req, res) ⇒ Promise.<Middleware>
Kind: global function
Summary: Express middleware that logs out the user from both the OpenID Connect server and this app. Note: the user is redirected to config.defaultRedirect after a successful logout.
Returns: Promise.<Middleware> - A promise which resolves to a middleware which logs out the current user

| Param | Type | Description |
|---|---|---|
| req | Object | Express request object |
| res | Object | Express response object |

Example: `oidc.logout`
requireRole(roles) ⇒ Middleware
Kind: global function
Summary: Express middleware that checks whether req.user has the given role(s).
Returns: Middleware - An Express middleware

A role is a property found on the user object and has most likely been added through the optional extendUser function parameter. @see {config.extendUser}
If config.setIsOwner is set, the user object gets an additional property (isOwner) which is set only if req.parameter has the same username as the logged-in user.
Api: public

| Param | Type | Description |
|---|---|---|
| roles | Array.<string> | Array of roles to be compared with the ones on the req.user object |

Example: `oidc.requireRole('isAdmin', 'isEditor')`
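How extendUser, requireRole and setIsOwner fit together, as an added example that is not the module's own code: an extendUser hook that maps claims to role flags, and a stand-in middleware reproducing the documented requireRole semantics. The module's constructor, the Express/passport wiring, and the group names and claims used are assumed or constructed for illustration.

```javascript
// Added example, not the module's own code: an extendUser hook that turns OIDC
// claims into role flags, plus a stand-in role-check middleware with the
// semantics documented for requireRole and config.setIsOwner. The module's
// constructor and the Express/passport wiring are assumed and omitted; the
// group names and claims below are constructed for illustration.

// extendUser(user, claims): roles become boolean properties on req.user, which
// is what requireRole inspects. Kept synchronous here; the docs allow async too.
function extendUser(user, claims) {
  const groups = Array.isArray(claims.groups) ? claims.groups : [];
  user.isAdmin = groups.includes('app-admins');
  user.isEditor = groups.includes('app-editors');
}

// Factory mirroring the config-driven behaviour: returns a requireRole bound to
// config.setIsOwner. Accepts roles as an array or as variadic strings, since the
// page shows both forms.
function makeRequireRole(config) {
  return function requireRole(...roles) {
    const wanted = roles.flat();
    return function (req, res, next) {
      const user = req.user;
      if (!user) return res.status(401).end(); // not logged in at all
      if (config.setIsOwner) {
        // isOwner is true only when the route's :username equals the logged-in user
        const param = req.params && req.params.username;
        user.isOwner = Boolean(param) && param === user.username;
      }
      // Pass only if at least one requested role is strictly true on the user
      if (!wanted.some((role) => user[role] === true)) return res.status(403).end();
      return next();
    };
  };
}

// Constructed harness: exercise the middleware without a running Express app.
function simulate({ claims, username, params, roles, setIsOwner = true }) {
  const user = { username };
  extendUser(user, claims);
  const requireRole = makeRequireRole({ setIsOwner });
  let status = 200;
  let nextCalled = false;
  const req = { user, params };
  const res = { status(code) { status = code; return this; }, end() { return this; } };
  requireRole(...roles)(req, res, () => { nextCalled = true; });
  return { status, nextCalled, isOwner: user.isOwner };
}
```

Note that a role check is an allow-list over explicit boolean properties: a role that extendUser never set is simply absent and is treated as not granted, so the guarded route fails closed.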