Convert Figma logo to code with AI

panva logonode-oidc-provider

OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js

3,206
765
3,206
0
View on GitHubView on NPM

Top Related Projects

keycloak's avatar

keycloak

22,126

Open Source Identity and Access Management For Modern Applications and Services

ory's avatar

hydra

15,556

The most scalable and customizable OpenID Certified™ OpenID Connect and OAuth Provider on the market. Become an OpenID Connect and OAuth2 Provider over night. Broad support for related RFCs. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.

jaredhanson's avatar

passport

22,914

Simple, unobtrusive authentication for Node.js.

supertokens's avatar

supertokens-core

12,980

Open source alternative to Auth0 / Firebase Auth / AWS Cognito

authelia's avatar

authelia

21,425

The Single Sign-On Multi-Factor portal for web apps

Quick Overview

panva/node-oidc-provider is a certified OpenID Connect Provider (OP) implementation for Node.js. It offers a flexible and feature-rich solution for implementing OpenID Connect authentication and authorization in Node.js applications. The library is fully compliant with OpenID Connect specifications and supports various OAuth 2.0 flows.

Pros

  • Fully certified and compliant with OpenID Connect specifications
  • Highly customizable and extensible
  • Supports various OAuth 2.0 flows and grant types
  • Active development and community support

Cons

  • Steep learning curve for beginners
  • Requires a good understanding of OpenID Connect and OAuth 2.0 concepts
  • Configuration can be complex for advanced use cases
  • Limited built-in UI components for login and consent screens

Code Examples

  1. Basic Provider Setup:
const { Provider } = require('oidc-provider');

const configuration = {
  clients: [{
    client_id: 'foo',
    client_secret: 'bar',
    redirect_uris: ['https://example.com/cb'],
  }],
};

const oidc = new Provider('https://your-op.example.com', configuration);

// Use with your web framework
app.use('/oidc', oidc.callback());
  1. Custom Claims:
const oidc = new Provider('https://your-op.example.com', {
  async findAccount(ctx, id) {
    return {
      accountId: id,
      async claims(use, scope) {
        return { sub: id, email: 'foo@bar.com' };
      },
    };
  },
});
  1. Custom Grant Type:
const oidc = new Provider('https://your-op.example.com', {
  features: {
    customGrants: {
      enabled: true,
    },
  },
});

oidc.registerGrantType('custom_grant', async function customGrantTypeHandler(ctx, next) {
  // Custom grant type logic here
  ctx.oidc.grant = { ... };
  await next();
});

Getting Started

  1. Install the package:

    npm install oidc-provider

  2. Create a basic provider:

    const { Provider } = require('oidc-provider');
const configuration = {
  clients: [{
    client_id: 'client',
    client_secret: 'secret',
    redirect_uris: ['https://client.example.com/cb'],
  }],
};
const oidc = new Provider('https://your-op.example.com', configuration);

  3. Use with your web framework (e.g., Express):

    const express = require('express');
const app = express();
app.use('/oidc', oidc.callback());
app.listen(3000);

Competitor Comparisons

keycloak logo

keycloak

22,126

Open Source Identity and Access Management For Modern Applications and Services

Pros of Keycloak

  • Comprehensive identity and access management solution with a wide range of features
  • Supports multiple protocols (OpenID Connect, SAML, OAuth 2.0) out of the box
  • Provides a user-friendly admin console for easy management and configuration

Cons of Keycloak

  • Heavier resource footprint and more complex setup compared to node-oidc-provider
  • Steeper learning curve due to its extensive feature set
  • Less flexibility for customization in certain scenarios

Code Comparison

Keycloak (Java):

@Override
protected void configureHttpSecurity(HttpSecurity http) throws Exception {
    super.configureHttpSecurity(http);
    http.authorizeRequests()
        .antMatchers("/protected-resource").authenticated()
        .anyRequest().permitAll();
}

node-oidc-provider (JavaScript):

const oidc = new Provider('https://your-op.example.com', {
  clients: [
    { client_id: 'foo', client_secret: 'bar', redirect_uris: ['https://client.example.com/cb'] }
  ],
  features: {
    devInteractions: { enabled: false }
  }
});

The code snippets demonstrate the configuration of security settings in Keycloak and the initialization of node-oidc-provider. Keycloak uses Java annotations and HttpSecurity configuration, while node-oidc-provider uses a more concise JavaScript setup.

ory logo

hydra

15,556

The most scalable and customizable OpenID Certified™ OpenID Connect and OAuth Provider on the market. Become an OpenID Connect and OAuth2 Provider over night. Broad support for related RFCs. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.

Pros of Hydra

  • Written in Go, offering better performance and lower resource usage
  • Supports multiple databases (PostgreSQL, MySQL, CockroachDB)
  • Provides a more comprehensive OAuth2 and OpenID Connect implementation

Cons of Hydra

  • Steeper learning curve due to its extensive feature set
  • Less flexibility for customization compared to node-oidc-provider
  • Requires separate components for user management and consent flows

Code Comparison

node-oidc-provider:

const provider = new Provider('https://my-oidc-provider.com', {
  clients: [{ client_id: 'foo', client_secret: 'bar', redirect_uris: ['https://client.example.com/cb'] }],
  // ... other configuration options
});

Hydra:

import "github.com/ory/hydra/driver"

d := driver.NewDefaultDriver(
    driver.WithDSN("postgres://user:password@host:port/database"),
    // ... other configuration options
)

Both projects offer robust OpenID Connect and OAuth 2.0 implementations, but they cater to different use cases. node-oidc-provider is more flexible and easier to customize, making it suitable for projects that require specific modifications. Hydra, on the other hand, provides a more comprehensive solution with better performance, making it ideal for large-scale deployments and enterprise environments.

jaredhanson logo

passport

22,914

Simple, unobtrusive authentication for Node.js.

Pros of Passport

  • More versatile, supporting various authentication strategies beyond just OpenID Connect
  • Larger community and ecosystem with numerous plugins and integrations
  • Simpler to set up for basic authentication needs

Cons of Passport

  • Less specialized for OpenID Connect, requiring additional configuration for full OIDC support
  • May require more manual work to implement complex OIDC features
  • Not as up-to-date with the latest OIDC specifications compared to node-oidc-provider

Code Comparison

Passport (basic setup):

const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;

passport.use(new LocalStrategy((username, password, done) => {
  // Authentication logic here
}));

node-oidc-provider (basic setup):

const Provider = require('oidc-provider');
const configuration = {
  // OIDC configuration options
};
const oidc = new Provider('http://localhost:3000', configuration);

Both libraries offer different approaches to authentication. Passport provides a more general-purpose solution with its strategy-based architecture, while node-oidc-provider focuses specifically on implementing a full-featured OpenID Connect Provider. The choice between them depends on the specific requirements of your project and the level of OIDC compliance needed.

supertokens logo

supertokens-core

12,980

Open source alternative to Auth0 / Firebase Auth / AWS Cognito

Pros of SuperTokens

  • Offers a complete authentication solution with pre-built UI components
  • Provides multi-tenancy support out of the box
  • Includes features like passwordless login and social login integrations

Cons of SuperTokens

  • Less flexible for custom OIDC implementations
  • May have a steeper learning curve for developers familiar with raw OIDC
  • Limited to specific programming languages and frameworks

Code Comparison

SuperTokens (Node.js SDK):

import supertokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";

supertokens.init({
    appInfo: {
        apiDomain: "https://api.example.com",
        appName: "MyApp",
        websiteDomain: "https://example.com"
    },
    recipeList: [Session.init()]
});

node-oidc-provider:

const { Provider } = require('oidc-provider');
const configuration = {
  clients: [{ client_id: 'foo', client_secret: 'bar', redirect_uris: ['http://example.com/cb'] }],
};
const oidc = new Provider('http://localhost:3000', configuration);

Both libraries offer authentication solutions, but SuperTokens provides a more comprehensive package with pre-built components, while node-oidc-provider offers greater flexibility for custom OIDC implementations. The choice between them depends on specific project requirements and developer expertise.

authelia logo

authelia

21,425

The Single Sign-On Multi-Factor portal for web apps

Pros of Authelia

  • Comprehensive authentication solution with multi-factor authentication, single sign-on, and access control
  • Supports various authentication backends (LDAP, file-based) and integrates with popular reverse proxies
  • Offers a user-friendly web portal for authentication and account management

Cons of Authelia

  • More complex setup and configuration compared to node-oidc-provider
  • Limited focus on OpenID Connect (OIDC) functionality, as it's a broader authentication solution
  • May have a steeper learning curve for developers primarily interested in OIDC implementation

Code Comparison

Authelia configuration (YAML):

jwt_secret: a_very_important_secret
default_redirection_url: https://public.example.com
server:
  host: 0.0.0.0
  port: 9091

node-oidc-provider configuration (JavaScript):

const oidc = new Provider('https://your-domain.com', {
  clients: [
    { client_id: 'foo', client_secret: 'bar', redirect_uris: ['https://example.com/cb'] }
  ],
  // ... other configuration options
});

While Authelia provides a more comprehensive authentication solution with additional features, node-oidc-provider offers a focused and flexible OIDC implementation. The choice between the two depends on specific project requirements and the desired level of OIDC functionality.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

oidc-provider

This module provides an OAuth 2.0 (RFC 6749) Authorization Server with support for OpenID Connect (OIDC) and many other additional features and standards.

Table of Contents

Implemented specs & features

The following specifications are implemented by oidc-provider (not exhaustive):

Note that not all features are enabled by default, check the configuration section on how to enable them.

Supported Access Token formats:

The following draft specifications are implemented by oidc-provider:

Updates to draft specification versions are released as MINOR library versions, if you utilize these specification implementations consider using the tilde ~ operator in your package.json since breaking changes may be introduced as part of these version updates. Alternatively acknowledge the version and be notified of breaking changes as part of your CI.

Certification

OpenID Certification
Filip Skokan has certified that oidc-provider conforms to the following profiles of the OpenID Connect™ protocol.

  • Basic, Implicit, Hybrid, Config, Dynamic, Form Post, and 3rd Party-Init
  • Back-Channel Logout and RP-Initiated Logout
  • FAPI 1.0
  • FAPI CIBA
  • FAPI 2.0

Sponsor

Auth0 by Okta

If you want to quickly add OpenID Connect authentication to Node.js apps, feel free to check out Auth0's Node.js SDK and free plan. Create an Auth0 account; it's free!

Support

If you or your company use this module, or you need help using/upgrading the module, please consider becoming a sponsor so I can continue maintaining it and adding new features carefree. The only way to guarantee you get feedback from the author & sole maintainer of this module is to support the package through GitHub Sponsors.

Documentation & Configuration

oidc-provider can be mounted to existing connect, express, fastify, hapi, or koa applications, see how. The provider allows to be extended and configured in various ways to fit a variety of uses. See the documentation and example folder.

import Provider from 'oidc-provider'
const configuration = {
  // refer to the documentation for other available configuration
  clients: [
    {
      client_id: 'foo',
      client_secret: 'bar',
      redirect_uris: ['http://lvh.me:8080/cb'],
      // ... other client properties
    },
  ],
}

const oidc = new Provider('http://localhost:3000', configuration)

oidc.listen(3000, () => {
  console.log(
    'oidc-provider listening on port 3000, check http://localhost:3000/.well-known/openid-configuration',
  )
})

Recipes

Collection of useful configuration use cases are available over at recipes.

Events

oidc-provider instances are event emitters, using event handlers you can hook into the various actions and i.e. emit metrics that react to specific triggers. See the list of available emitted event names and their description.

NPM DownloadsLast 30 Days