This is a sample application showing how to use Passport.js with openid-client to provide authentication for an Express application.
To use this application you will need to register an OAuth2/OIDC client with your authorization server with the following settings:
- Client type: web/confidential client (uses a client secret)
- Grant types: must include Authorization Code grant
- Token Endpoint Authentication Method: client_secret_basic
- Sign-in redirect URL: <BASE_REDIRECT_URL>/login/callback
- Sign-out redirect URL: <BASE_REDIRECT_URL>/logout/callback
- Scopes: must include openid
The following environment variables need to be set to run the application:

```
CLIENT_ID=oidc-app
CLIENT_SECRET=oidc-app-secret
BASE_OIDC_DISCOVERY_URL=https://myauthorizationserver.example.com/
BASE_REDIRECT_URL=http://localhost:3000
```

BASE_OIDC_DISCOVERY_URL should be the URL of your authorization server's well-known endpoint without the /.well-known/openid-configuration suffix, e.g. https://myauthorizationserver.example.com/.

BASE_REDIRECT_URL should be the URL where you have deployed the application, without a trailing / in the path. The redirect URLs registered with the authorization server must match this value exactly, since the authorization server compares them byte for byte.

The only scope required for the application to work is openid. If you would like additional claims in the tokens, you can request the corresponding scopes by specifying them (space separated) with ADDITIONAL_SCOPES:

```
ADDITIONAL_SCOPES=email profile
```

Note: You can create a .env file in the root of the project to specify these environment variables.
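The following is an added example, not code from the sample application, showing how the settings above fit together: it derives the discovery URL, the two redirect URIs and the scope string from the environment variables, rejects a trailing slash on BASE_REDIRECT_URL, builds the client_secret_basic Authorization header value the token endpoint expects, and checks a redirect URI the way an authorization server does (exact match). All function names are assumptions made for this illustration; it runs on Node.js with no dependencies.

```javascript
// Added example (not part of the sample project): derive and validate the
// OIDC client settings this README describes. Function names are assumptions.

const DISCOVERY_SUFFIX = '/.well-known/openid-configuration';

// Build the client configuration from an env-like object, failing fast on the
// misconfigurations the README warns about (missing variables, trailing slash).
function buildOidcConfig(env) {
  for (const name of ['CLIENT_ID', 'CLIENT_SECRET', 'BASE_OIDC_DISCOVERY_URL', 'BASE_REDIRECT_URL']) {
    if (!env[name]) throw new Error(`missing required environment variable ${name}`);
  }
  if (env.BASE_REDIRECT_URL.endsWith('/')) {
    throw new Error('BASE_REDIRECT_URL must not end with a trailing /');
  }
  // Accept the discovery base with or without a trailing slash.
  const issuerBase = env.BASE_OIDC_DISCOVERY_URL.replace(/\/+$/, '');
  return {
    clientId: env.CLIENT_ID,
    clientSecret: env.CLIENT_SECRET,
    discoveryUrl: issuerBase + DISCOVERY_SUFFIX,
    loginRedirectUri: env.BASE_REDIRECT_URL + '/login/callback',
    logoutRedirectUri: env.BASE_REDIRECT_URL + '/logout/callback',
    scope: buildScope(env.ADDITIONAL_SCOPES),
  };
}

// "openid" is always requested first; extra scopes come from ADDITIONAL_SCOPES
// (space separated) with duplicates removed.
function buildScope(additional) {
  const extra = (additional || '').split(/\s+/).filter(Boolean);
  return [...new Set(['openid', ...extra])].join(' ');
}

// client_secret_basic (RFC 6749 section 2.3.1): client id and secret are
// percent-encoded before being joined with ':' and base64-encoded, so a secret
// containing ':' or '%' still round-trips correctly.
function clientSecretBasicHeader(clientId, clientSecret) {
  const credentials = `${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`;
  return 'Basic ' + Buffer.from(credentials, 'utf8').toString('base64');
}

// A registered redirect URI must equal the redirect_uri sent in the request
// byte for byte; prefix or path-normalised matches are not accepted.
function redirectUriMatches(registered, requested) {
  return registered === requested;
}

// Stand-alone demonstration using the README's sample values.
const demoConfig = buildOidcConfig({
  CLIENT_ID: 'oidc-app',
  CLIENT_SECRET: 'oidc-app-secret',
  BASE_OIDC_DISCOVERY_URL: 'https://myauthorizationserver.example.com/',
  BASE_REDIRECT_URL: 'http://localhost:3000',
  ADDITIONAL_SCOPES: 'email profile',
});
console.log(demoConfig);
console.log(clientSecretBasicHeader(demoConfig.clientId, demoConfig.clientSecret));
```

Running the file prints the derived configuration and the Authorization header value; the same checks are what a deployment should apply at startup so that a mis-set BASE_REDIRECT_URL fails immediately instead of surfacing as a redirect_uri mismatch error from the authorization server.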
Run npm ci to install the dependencies.
Run npm start to start the server.