Passport strategy for IdentityServer3 OpenID Connect Provider
This strategy supports AuthorizationCode flow.
// Strategy allows you to overwrite the identifier. It will be 'identity3-oidc'
// by default if you only give the constructor the config object.
passport.use(new Identity3Strategy('custom_name', {
configuration_endpoint: 'https://localhost:44333/.well-known/openid-configuration',
client_id: 'your_client_id',
client_secret: 'your_client_secret',
callback_url: '/login',
scopes: ['profile', 'offline_access'],
transformIdentity: function(identity) {
return identity;
},
onEndSession: function(req, res) {
// shouldn't end or write to res since the framework will be redirecting.
// there just in case you need it.
}
}));
This feature will redirect the user to identity server's logout feature to clear their SSO session
// This will also destroy express sessions if they are present.
app.get('/logout', function(req, res) {
passport._strategy('custom_name').endSession(req, res);
});
You can get the current user's profile data with the following
app.get('/', function(req, res) {
var strategy = passport._strategy('custom_name'),
profileScopes = ['profile'],
additionalClaims = null; // Optionally you can specify specific claims to request as an array of string.
res.writeHead(200, {
'Content-Type': 'text/html'
});
strategy.profile(req, profileScopes, additionalClaims, function(err, profile) {
res.end('<html><body>Logged in, <a href="/logout">Logout</a><pre>' + JSON.stringify(profile, null, 2) + '</pre></body></html>');
});
});