openid-implicit-client

Simple JavaScript client that implements the OpenID Connect implicit flow.

This code is a fork of a JavaScript library written by Edmund Jay and referenced in a blog post by Nat Sakimura.

To use this library, include openidconnect.js in your HTML page.

  • Set the provider and client configuration info through JSON objects;
  • Call the server – login;
  • In the callback page, callback.html, you will get the ID Token back, so that you can put it into a cookie to handle the session.

A full tutorial on how to use this library on a Single Page App is available in Gluu Docs.


OIDC Variables

Supported Provider Options

List of the Identity Provider's configuration parameters.

  • supportedProviderOptions.issuer (string): Issuer ID
  • supportedProviderOptions.authorization_endpoint (string): Authorization Endpoint URL
  • supportedProviderOptions.jwks_uri (string): JWKS URI
  • supportedProviderOptions.claims_parameter_supported (boolean): Claims parameter support
  • supportedProviderOptions.request_parameter_supported (boolean): Request parameter support
  • supportedProviderOptions.jwks (object): Identity Provider's JWK Set

Supported Request Options

Supported Login Request parameters.

  • supportedRequestOptions.scope (string): Space separated scope values
  • supportedRequestOptions.response_type (string): Space separated response_type values
  • supportedRequestOptions.display (string): Display
  • supportedRequestOptions.max_age (string): Maximum authentication age (max_age)
  • supportedRequestOptions.claims (object): Claims object containing what information to return in the UserInfo endpoint and ID Token
  • supportedRequestOptions.claims.id_token (array): List of claims to return in the ID Token
  • supportedRequestOptions.claims.userinfo (array): List of claims to return in the UserInfo endpoint
  • supportedRequestOptions.request (boolean): Signed request object JWS. Not supported yet.

Supported Client Options

List of supported Client configuration parameters.

  • supportedClientOptions.client_id (string): The client's client_id
  • supportedClientOptions.redirect_uri (string): The client's redirect_uri

OIDC Methods

setProviderInfo(p)

Sets the Identity Provider's configuration parameters. The parameters may be declared directly in code or taken from the information returned by OIDC.discover('https://(hostname)'). It returns a boolean value indicating the status of the call.

Example:
// set Identity Provider configuration
OIDC.setProviderInfo({
    issuer: 'https://(hostname)',
    authorization_endpoint: 'https://(hostname)/auth.html',
    jwks_uri: 'https://(hostname)/jwks'
});

// set Identity Provider configuration using discovery information
// (discover() returns the discovery document, or null on failure)
var discovery = OIDC.discover('https://(hostname)');
if (discovery)
  OIDC.setProviderInfo(discovery);

setClientInfo(p)

Sets the Client's configuration parameters. It returns a boolean value indicating the status of the call. If the Client's configuration options do not include a client_id, the method will dynamically register a new client with the redirect_uri passed.

Example:
// set client_id and redirect_uri
OIDC.setClientInfo({
   client_id: 'myclientID',
   redirect_uri: 'https://rp.example.com/callback.html'
});

storeInfo(providerInfo, clientInfo)

Stores the Identity Provider and Client configuration options in the browser session storage for reuse later.

restoreInfo()

Loads and sets the Identity Provider and Client configuration options from the browser session storage.

checkRequiredInfo(params)

  • params - List of Identity Provider and client configuration parameters

Checks whether the required configuration parameters are set. It returns a boolean value indicating whether the options have been set.

clearProviderInfo()

Clears the Identity Provider configuration parameters.

login(reqOptions)

Redirects to the Identity Provider for authentication.

Example:
// login with options
OIDC.login({
   scope : 'openid profile',
   response_type : 'token id_token',
   max_age : 60,
   claims : {
      id_token : ['email', 'phone_number'],
      userinfo : ['given_name', 'family_name']
      }
});

// login with default
// scope = openid and response_type = id_token
OIDC.login();

verifyIdTokenSig(id_token)

  • id_token - The ID Token string

Verifies the ID Token signature using the JWK Set from the jwks or jwks_uri of the Identity Provider configuration options set via OIDC.setProviderInfo. Supports only RSA signatures. It returns a boolean value indicating whether the signature is valid.

isValidIdToken(id_token)

  • id_token - The ID Token string

Validates the information in the ID Token against the Identity Provider and Client configuration data set via OIDC.setProviderInfo and OIDC.setClientInfo. It returns a boolean value indicating the validity of the ID Token.

rsaVerifyJWS(jws, jwk)

  • jws - The JWS string
  • jwk - The JWK Key that will be used to verify the signature

Verifies the JWS string using the JWK. It returns a boolean value indicating the validity of the JWS signature.

getValidIdToken()

Returns the ID Token string taken from the current page URL, provided its signature is verified and its contents are validated against the configuration data set via OIDC.setProviderInfo and OIDC.setClientInfo.

getAccessToken()

Returns the Access Token string taken from the current page URL.

getCode()

Returns the Authorization Code string taken from the current page URL.

getIdTokenParts(id_token)

  • id_token - The ID Token string

Splits the ID Token string into the individual JWS parts. It returns an array of the JWS compact serialization components (header, payload, signature).

getIdTokenPayload(id_token)

  • id_token - The ID Token string

Returns a JSON object with the contents of the ID Token payload.
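The checks that make an ID Token taken from the callback URL "valid" (cf. getIdTokenParts, getIdTokenPayload, isValidIdToken and getValidIdToken above), as an added example that is not the library's own code: it parses the fragment, splits the compact JWS, and compares the payload claims with assumed provider and client configuration. It assumes Node (Buffer, URLSearchParams); signature verification is a separate step (verifyIdTokenSig) and is deliberately not performed here.

```javascript
// Added example, not code from openid-implicit-client: claim checks a relying
// party runs on an ID Token taken from the callback URL fragment. Signature
// verification is a separate step and is NOT done here. Assumes Node.
const providerInfo = { issuer: 'https://op.example.com' };  // assumed provider config
const clientInfo = { client_id: 'myclientID' };              // assumed client config

const b64urlEncode = (s) => Buffer.from(s).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const b64urlDecodeJson = (s) => JSON.parse(Buffer.from(s, 'base64').toString('utf8'));

// The implicit flow returns tokens in the fragment: "#id_token=...&access_token=...".
function parseFragment(url) {
  return Object.fromEntries(new URLSearchParams(url.split('#')[1] || ''));
}

// Split the compact JWS into [header, payload, signature]; null if malformed.
function getIdTokenParts(idToken) {
  const parts = (idToken || '').split('.');
  return parts.length === 3 ? parts : null;
}

// Check the payload against provider/client config. Returns null when every
// check passes, otherwise the name of the first failing check.
function checkIdTokenClaims(idToken, expectedNonce, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = getIdTokenParts(idToken);
  if (!parts) return 'malformed';
  let header, payload;
  try { header = b64urlDecodeJson(parts[0]); payload = b64urlDecodeJson(parts[1]); }
  catch (e) { return 'undecodable'; }
  if (header.alg === 'none') return 'alg';               // unsigned tokens are never accepted
  if (payload.iss !== providerInfo.issuer) return 'iss'; // must come from the configured issuer
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!aud.includes(clientInfo.client_id)) return 'aud'; // must be issued for this client
  if (aud.length > 1 && payload.azp !== clientInfo.client_id) return 'azp';
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) return 'exp';
  if (expectedNonce !== undefined && payload.nonce !== expectedNonce) return 'nonce';
  return null;
}

// Constructed fixture: RS256 header, realistic claims, placeholder signature.
function makeToken(claims, alg = 'RS256') {
  return `${b64urlEncode(JSON.stringify({ alg }))}.${b64urlEncode(JSON.stringify(claims))}.c2ln`;
}
const sampleUrl = 'https://rp.example.com/callback.html#id_token=' +
  makeToken({ iss: 'https://op.example.com', aud: 'myclientID', sub: 'u1',
              iat: 1700000000, exp: 1700003600, nonce: 'n-123' }) +
  '&access_token=abc&token_type=bearer';
```

The nonce check is only applied when the relying party stored a nonce before calling login; the library's request options listed above do not include one, so this check is an assumption taken from the OpenID Connect Core specification.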

getJsonObject(jsonS)

  • jsonS - JSON string

Returns the JSON object parsed from the JSON string.

fetchJSON(url)

  • url - URL to fetch the JSON file

Retrieves the JSON file at the specified URL. The URL must have CORS enabled for this function to work. It returns the contents of the URL as a string, or null.

jwk_get_key(jwkIn, kty, use, kid)

  • jwkIn - JWK Keyset string or object.
  • kty - The 'kty' to match (RSA|EC). Only RSA is supported.
  • use - The 'use' to match (sig|enc).
  • kid - The 'kid' to match

Retrieves the JWK keys that match the input criteria. It returns an array of the JWK keys that match the specified criteria.

discover(issuer)

  • issuer - The Identity Provider's issuer_id

Performs discovery on the Identity Provider's issuer_id. It returns the JSON object of the discovery document or null.

debug(toggle, id_token)

  • toggle - Boolean value that enables or disables debugging output
  • id_token - The ID Token string

Prints the current Client configuration options, the Identity Provider configuration options, and the results of the verification and validation of the id_token and its signature directly to the console.

getUserInfo(access_token)

  • access_token - Access Token string

Requests and returns the user information from the Identity Provider.

registerClient(redirect_uri)

  • redirect_uri - Redirect URI string

Dynamically registers a new client with the given redirect URI. It returns a JSON object with the registered client's information. The following list describes the default configuration used for the dynamic registration:

  • Application Type: Web
  • Client Name: Dynamically Registered Client
  • Subject Type: Public
  • Grant Type: implicit
  • Response Type: token, id_token
  • Scopes: email, openid, profile