Simple JavaScript client that implements the OpenID Connect implicit flow.
This code is forked from a JavaScript library written by Edmund Jay and referenced in a blog post by Nat Sakimura.
To use this library, include openidconnect.js in your HTML page.
- Set the provider and client configuration info through JSON objects;
- Call OIDC.login() to redirect the user to the Identity Provider;
- In the callback page, callback.html, the ID Token comes back in the URL fragment. Verify its signature and validate its claims (OIDC.getValidIdToken does both) before putting it into a cookie to handle the session.
A full tutorial on how to use this library on a Single Page App is available in Gluu Docs.
List of the Identity Provider's configuration parameters.
- supportedProviderOptions.issuer (string): Issuer ID
- supportedProviderOptions.authorization_endpoint (string): Authorization Endpoint URL
- supportedProviderOptions.jwks_uri (string): JWKS URI
- supportedProviderOptions.claims_parameter_supported (boolean): Claims parameter support
- supportedProviderOptions.request_parameter_supported (boolean): Request parameter support
- supportedProviderOptions.jwks (object): Identity Provider's JWK Set
Supported Login Request parameters.
- supportedRequestOptions.scope (string): Space separated scope values
- supportedRequestOptions.response_type (string): Space separated response_type values
- supportedRequestOptions.display (string): Display
- supportedRequestOptions.max_age (string): Max_age
- supportedRequestOptions.claims (object): Claims object containing what information to return in the UserInfo endpoint and ID Token
- supportedRequestOptions.claims.id_token (array): List of claims to return in the ID Token
- supportedRequestOptions.claims.userinfo (array): List of claims to return in the UserInfo endpoint
- supportedRequestOptions.request (boolean): Signed request object JWS. Not supported yet.
List of supported Client configuration parameters.
- supportedClientOptions.client_id (string): The client's client_id
- supportedClientOptions.redirect_uri (string): The client's redirect_uri
- p - The Identity Provider's configuration options described in OIDC.supportedProviderOptions
Sets the Identity Provider's configuration parameters. They may be declared directly in code or taken from the information returned by OIDC.discover('https://(hostname)'). It returns a boolean value indicating the status of the call.
// set Identity Provider configuration
// (all endpoints over https; an http authorization endpoint would expose the
// tokens returned in the fragment)
OIDC.setProviderInfo( {
issuer: 'https://(hostname)',
authorization_endpoint: 'https://(hostname)/auth.html',
jwks_uri: 'https://(hostname)/jwks'
});
// set Identity Provider configuration using discovery information
var discovery = OIDC.discover('https://(hostname)');
if(discovery)
OIDC.setProviderInfo(discovery);
- p - The Client's configuration options described in OIDC.supportedClientOptions
Sets the Client's configuration parameters. It returns a boolean value indicating the status of the call. If the Client's configuration options do not include a client_id, the method dynamically registers a new client with the redirect_uri passed.
// set client_id and redirect_uri
OIDC.setClientInfo( {
client_id: 'myclientID',
redirect_uri: 'https://rp.example.com/callback.html'
}
);
- providerInfo - The Identity Provider's configuration options described in OIDC.supportedProviderOptions
- clientInfo - The Client's configuration options described in OIDC.supportedClientOptions
Stores the Identity Provider and Client configuration options in the browser session storage for reuse later.
Load and set the Identity Provider and Client configuration options from the browser session storage.
- params - List of Identity Provider and client configuration parameters
Check whether the required configuration parameters are set. It returns a boolean value indicating whether the options have been set.
Clears the Identity Provider configuration parameters.
- reqOptions - Optional authentication request options (OIDC.supportedRequestOptions)
Redirect to the Identity Provider for authentication.
// login with options
OIDC.login({
scope : 'openid profile',
response_type : 'token id_token',
max_age : 60,
claims : {
id_token : ['email', 'phone_number'],
userinfo : ['given_name', 'family_name']
}
});
// login with default
// scope = openid and response_type = id_token
OIDC.login();
- id_token - The ID Token string
Verifies the ID Token signature using the JWK Set from jwks or jwks_uri of the Identity Provider configuration options set via OIDC.setProviderInfo. Supports only RSA signatures. It returns a boolean value indicating whether the signature is valid.
- id_token - The ID Token string
Validates the claims in the ID Token (issuer, audience, expiry, nonce) against the Identity Provider and Client configuration set via OIDC.setProviderInfo and OIDC.setClientInfo. It returns a boolean value indicating the validity of the ID Token. This checks claims only; the signature is checked separately by OIDC.verifyIdTokenSig.
- jws - The JWS string
- jwk - The JWK Key that will be used to verify the signature
Verifies the JWS string using the JWK. It returns a boolean value indicating the validity of the JWS signature.
Return the ID Token string taken from the current page URL whose signature is verified and contents validated against the configuration data set via OIDC.setProviderInfo and OIDC.setClientInfo.
Return Access Token string taken from the current page URL.
Return Authorization Code string taken from the current page URL.
- id_token - The ID Token string
Splits the ID Token string into the individual JWS parts. It returns an array of the JWS compact serialization components (header, payload, signature).
- id_token - The ID Token string
Return a JSON object with contents of the ID Token payload.
- jsonS - JSON string
Return the JSON object from the JSON string.
- url - URL to fetch the JSON file
Retrieves the JSON file at the specified URL. The URL must have CORS enabled for this function to work. It returns a string of contents of the URL or null.
- jwkIn - JWK Keyset string or object.
- kty - The 'kty' to match (RSA|EC). Only RSA is supported.
- use - The 'use' to match (sig|enc).
- kid - The 'kid' to match
Retrieve the JWK key that matches the input criteria. It returns an array of JWK keys that match the specified criteria.
- issuer - The Identity Provider's issuer_id
Performs discovery on the Identity Provider's issuer_id. It returns the JSON object of the discovery document or null.
- toggle - Boolean value that enables or disables debugging output
- id_token - The ID Token string
Prints the current Client configuration options, the Identity Provider configuration options, and the results of verifying the id_token signature and validating its claims directly to the console.
- access_token - Access Token string
Request and return the user information from the Identity Provider.
- redirect_uri - Redirect URI string
Dynamically registers a new client with the given redirect URI. It returns a JSON object with the registered client's information. The following list describes the default configuration used for the dynamic registration:
- Application Type: Web
- Client Name: Dynamically Registered Client
- Subject Type: Public
- Grant Type: implicit
- Response Type: token, id_token
- Scopes: email, openid, profile