Skip to content
This repository has been archived by the owner on Feb 15, 2020. It is now read-only.

An example Login.gov client application which authenticates users via OpenID Connect (OIDC). Built with Node.js, Express.js, and Passport.js.

License

Notifications You must be signed in to change notification settings

18F/identity-oidc-expressjs

Repository files navigation

This sample SP has been retired. It was used for early prototyping for integrations with login.gov and has not been maintained. It has confirmed vulnerabilities and should not be used for production itegrations.

For maintained examples of integrations with login.gov please refer to:

identity-oidc-expressjs

An example Login.gov client application which authenticates users via OpenID Connect (OIDC). Built with Node.js, Express.js, and Passport.js. Uses the openid-client package, a certified OpenID Relaying Party, to issue authentication requests.

Demo:

a screencast of a user navigating this application: logging in using LOA1 by clicking a button on the homepage, then getting redirected to a profile page showing the user's email address, then logging out and demonstrating inability to access the profile page again. then repeating the process using LOA3 to log-in produces the same results, except it displays more user information on the profile page.

Prerequisites

Install Dependencies

Install Node.js (version 8.9.3), perhaps using NVM to do so.

Install nodemon development server globally:

npm install nodemon -g

Install package dependences:

npm install

Choose a Login.gov Environment

Sandbox Environment

Set the DISCOVERY_URL environment variable to one of the sandbox urls:

  • https://idp.dev.identitysandbox.gov
  • https://idp.int.identitysandbox.gov (untested)

Development Environment (Local Server)

Set the DISCOVERY_URL environment variable to http://localhost:3000.

Run a Login.gov (identity-idp) instance locally on port 3000:

cd path/to/identity-idp

bin/rails s -b 127.0.0.1
bundle exec sidekiq --config config/sidekiq.yml
mailcatcher -f

NOTE: the openid-client package attempts to make various authentication requests to 127.0.0.1:3000, but when the Login.gov instance is running normally on localhost:3000 via the make run command, the openid-client requests won't be able to find it (produces RequestError: connect ECONNREFUSED 127.0.0.1:3000 client errors). So a work-around for this issue is to run the Login.gov instance via the commands listed above. 😃

Usage

Run this client application on a local web server:

DEBUG=identity-oidc-expressjs:* npm start # then view localhost:9393 in a browser

About

An example Login.gov client application which authenticates users via OpenID Connect (OIDC). Built with Node.js, Express.js, and Passport.js.

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published