¶ Guide to integrating Passport OpenID Connect single sign-on with Express
¶ Brief description
This article uses the Express framework on the Node.js platform, together with the Node.js authentication middleware Passport.js, as an example of how to integrate Authing OIDC single sign-on.
OIDC protocol: OIDC (OpenID Connect) is a standard identity authentication protocol built on the OAuth2 protocol. OIDC uses an OAuth2 authorization server to authenticate users for third-party clients and passes the corresponding identity information to the client. It can be applied to various types of clients.
Passport: Passport is authentication middleware for Node.js that is flexible and modular. It can be dropped into any Express-based web application, and it supports authentication methods such as username and password, Facebook and Twitter.
¶ Configure Authing OIDC application
Register at authing.cn, enter the Authing Console, create an OIDC application and configure the application information.
The detailed configuration is as follows:
- Application name: Application Name
- Authentication address: https://App_Domain_Name.authing.cn
- Callback URL: the address the application is called back on after login, for example: http://localhost:3004/auth/cb
- Authorization mode: default authorization_code, refresh_token, authing Token
- Return type: default code
- Token exchange authentication method: default client_secret_post
- id_token signature algorithm: default HS256
After configuration, save the following OIDC information for use in the Express application.
- App ID: 5f34e94bece50b891729e345
- App Secret: 8226514d6740e5a9cd94fad4991e02e9
- Issuer: https://aj00.authing.cn/oauth/oidc
- Configuration information: https://aj00.authing.cn/oauth/oidc/.well-known/openid-configuration
- Callback address: http://localhost:3004/auth/cb

¶ Integrate the Authing OIDC application
TodoMVC Demo Project: https://github.com/Authing/todos-express-openidconnect
¶ 1. Install Deps
```bash
npm install --save passport passport-openidconnect
```
¶ 2. Config Passport
See `routes/auth.js`:

```javascript
var passport = require('passport');
var OpenIDConnectStrategy = require('passport-openidconnect');

passport.use(new OpenIDConnectStrategy({
  issuer: 'https://passport-authing.authing.cn/oidc',
  authorizationURL: 'https://passport-authing.authing.cn/oidc/auth',
  tokenURL: 'https://passport-authing.authing.cn/oidc/token',
  userInfoURL: 'https://passport-authing.authing.cn/oidc/me',
  clientID: '6205d4e5dd728952be979ca1',
  clientSecret: 'eb578704fdc0273dd78d4ea38995ea27',
  // needs FULL URL in Authing console.
  callbackURL: '/oauth2/redirect',
  scope: [ 'profile' ],
  state: true
}, function verify(issuer, profile, cb) {
  // you can verify and insert user into your database
  return cb(null, profile);
}));
```
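As an added example (not code from the Authing demo project), the strategy options can be derived from the application's `.well-known/openid-configuration` document, with the client secret read from the environment instead of the source file. The helper name, the `OIDC_*` variable names, the policy that every endpoint must share the issuer's origin, and the sample document are assumptions made for illustration.

```javascript
// Added example, not part of the Authing demo project.
// Constructed sample shaped like a .well-known/openid-configuration response.
const sampleDiscovery = {
  issuer: 'https://passport-authing.authing.cn/oidc',
  authorization_endpoint: 'https://passport-authing.authing.cn/oidc/auth',
  token_endpoint: 'https://passport-authing.authing.cn/oidc/token',
  userinfo_endpoint: 'https://passport-authing.authing.cn/oidc/me',
  token_endpoint_auth_methods_supported: ['client_secret_post', 'client_secret_basic']
};

// Hypothetical helper. env is an object such as process.env; the variable
// names OIDC_CLIENT_ID, OIDC_CLIENT_SECRET and OIDC_CALLBACK_URL are assumptions.
function strategyOptionsFromDiscovery(doc, env) {
  const issuer = new URL(doc.issuer);
  if (issuer.protocol !== 'https:') throw new Error('issuer must use https');
  const endpoints = {
    authorizationURL: doc.authorization_endpoint,
    tokenURL: doc.token_endpoint,
    userInfoURL: doc.userinfo_endpoint
  };
  for (const [name, value] of Object.entries(endpoints)) {
    if (typeof value !== 'string') throw new Error(name + ' missing from discovery document');
    // Assumed policy: an endpoint off the issuer origin would receive the code and secret.
    if (new URL(value).origin !== issuer.origin) throw new Error(name + ' is not on the issuer origin');
  }
  // The console setting described on this page is client_secret_post.
  const methods = doc.token_endpoint_auth_methods_supported || [];
  if (!methods.includes('client_secret_post')) throw new Error('client_secret_post not supported');
  for (const key of ['OIDC_CLIENT_ID', 'OIDC_CLIENT_SECRET', 'OIDC_CALLBACK_URL']) {
    if (!env[key]) throw new Error(key + ' is not set');
  }
  // This helper insists on a full callback URL; new URL() throws on a bare path.
  const callback = new URL(env.OIDC_CALLBACK_URL);
  const isLocal = callback.hostname === 'localhost' || callback.hostname === '127.0.0.1';
  if (callback.protocol !== 'https:' && !isLocal) throw new Error('callback must use https');
  return {
    issuer: doc.issuer, ...endpoints,
    clientID: env.OIDC_CLIENT_ID, clientSecret: env.OIDC_CLIENT_SECRET,
    callbackURL: callback.href, scope: ['profile'], state: true
  };
}
```

The returned object can be passed as the first argument to `new OpenIDConnectStrategy(...)` once the discovery document has been fetched and parsed at startup.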
¶ 3. Config session
See `app.js`:

```javascript
// FIXME: Passport session config
app.use(passport.authenticate('session'));
```
¶ 4. Config routes
See `routes/auth.js`:

```javascript
var express = require('express');
var router = express.Router();

router.get('/login', passport.authenticate('openidconnect'));

router.get('/oauth2/redirect', passport.authenticate('openidconnect', {
  successReturnToOrRedirect: '/',
  failureRedirect: '/login'
}));

router.post('/logout', function(req, res, next) {
  // Passport 0.6.0 and later require a callback for req.logout()
  req.logout(function(err) {
    if (err) { return next(err); }
    // for sso, or just `/`
    res.redirect('https://passport-authing.authing.cn/login/profile/logout?redirect_uri='
      + encodeURIComponent('http://localhost:3000/'));
  });
});
```
¶ 5. Optional
serializeUser:
```javascript
passport.serializeUser(function(user, cb) {
  process.nextTick(function() {
    // Field reference: https://docs.authing.cn/v2/guides/user/user-profile.html
    cb(null, { id: user.id, username: user.username, name: user.nickname });
  });
});

passport.deserializeUser(function(user, cb) {
  process.nextTick(function() {
    return cb(null, user);
  });
});
```
User Profile fields:
¶ Docs reference
- https://www.passportjs.org/docs/
- https://www.passportjs.org/packages/passport-openidconnect/