¶ Express integrated Passport OpenIdConnect Single sign-in guide

¶ Express brief description

This article uses the Node.js platform Express framework as an example, and integrated Node.js authentication middleware Passport.js, how to integrate the authing oidc single sign-on.

OIDC protocol: OIDC (OpenID Connect) is an identity authentication standard protocol based on OAuth2 protocol. OIDC uses OAuth2 authorized servers to provide users' identity authentication for third-party clients, and pass the corresponding identity authentication information to the client, and can be applied to various types of clients.

Passport: Passport is the authentication middleware of Node.js, especially flexible and modular. It is very convenient to implant any Express-based web applications. Support authentication such as username password, Facebook and Twitter.

¶ Configure Authing OIDC application

Register from authing.cn and enter the Authing Console, create an OIDC application, configure application information.

The detailed configuration is as follows:

• Application name: Application Name
• Certified address: https://App_Domain_Name.authing.cn
• Callback URL: Apply login post-callback address, for example: http://localhost:3004/auth/cb
• Authorized mode: default authorization_code、refresh_token、authing Token
• return Type: default code
• token Calculation mode: default client_secret_post
• id_token Signature algorithm: default HS256

After the configuration, the OIDC valid information is saved, which is Express to use.

• App ID: 5f34e94bece50b891729e345
• App Secret: 8226514d6740e5a9cd94fad4991e02e9
• Issuer: https://aj00.authing.cn/oauth/oidc
• Configuration information: https://aj00.authing.cn/oauth/oidc/.well-known/openid-configuration
• Callback address: http://localhost:3004/auth/cb

¶ integrated Authing OIDC application

TodoMVC Demo Project: https://github.com/Authing/todos-express-openidconnect

¶ 1. Install Deps

npm install --save passport passport-openidconnect

¶ 2. Config Passport

ref routes/auth.js:

passport.use(new OpenIDConnectStrategy({
  issuer: 'https://passport-authing.authing.cn/oidc',
  authorizationURL: 'https://passport-authing.authing.cn/oidc/auth',
  tokenURL: 'https://passport-authing.authing.cn/oidc/token',
  userInfoURL: 'https://passport-authing.authing.cn/oidc/me',
  clientID: '6205d4e5dd728952be979ca1',
  clientSecret: 'eb578704fdc0273dd78d4ea38995ea27',
  // needs FULL URL in Authing console.
  callbackURL: '/oauth2/redirect',
  scope: [ 'profile' ],
  state: true
},
function verify(issuer, profile, cb) {
  // you can verify and insert user into your database
  return cb(null, profile);
}));

¶ 3. Config session

ref app.js:

// FIXME: Passport session config
app.use(passport.authenticate('session'));

¶ 4. Config routes

ref routes/auth.js:

router.get('/login', passport.authenticate('openidconnect'));

router.get('/oauth2/redirect', passport.authenticate('openidconnect', {
  successReturnToOrRedirect: '/',
  failureRedirect: '/login'
}));

router.post('/logout', function(req, res, next) {
  req.logout();
  // for sso, or just `/`
  res.redirect('https://passport-authing.authing.cn/login/profile/logout?redirect_uri=' + encodeURIComponent('http://localhost:3000/'));
});

¶ 5. optional

serializeUser:

passport.serializeUser(function(user, cb) {
  process.nextTick(function() {
    // Field reference:  https://docs.authing.cn/v2/guides/user/user-profile.html
    cb(null, { id: user.id, username: user.username, name: user.nickname });
  });
});

passport.deserializeUser(function(user, cb) {
  process.nextTick(function() {
    return cb(null, user);
  });
});

User Profile fields:

¶ Docs reference

• https://www.passportjs.org/docs/
• https://www.passportjs.org/packages/passport-openidconnect/

¶ You may also need

Use OIDC Client