DEV Community

Ebrahim Hoseiny Fadae

Series: Implementing OpenID with Node.js, TypeScript, and MongoDB - A Step-by-Step Guide

Introduction

In this tutorial series, we will explore how to implement OpenID with Node.js, TypeScript, and MongoDB. The focus of this guide is to provide a comprehensive, step-by-step approach to building an OIDC (OpenID Connect 1.0) authorization server along with a web application and an API service. Throughout this tutorial we will use the panva/node-oidc-provider library, which is an OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js.

Source Code

You can find the complete source code for this tutorial series at ebrahimmfadae/openid-connect-app on GitHub.

Requirements

To follow along with this tutorial series, you should have a good understanding of JavaScript and be familiar with the concepts of OpenID or OAuth 2.0. Additionally, basic knowledge of CSS, HTML, TypeScript, and Docker will be beneficial.

Setup

Before getting started, ensure that you have the following versions installed:

$ node -v
v18.17.1

$ yarn -v
v3.6.3

$ docker --version
Docker version 20.10.7, build f0df350

$ docker-compose --version
Docker Compose version v2.15.1

Goals

  • Create an authorization server based on the OpenID Connect protocol.
  • Create a web application that acts as a client of the authorization server.
  • Create an API (resource server) to demonstrate accessing restricted resources by authenticated users.

USAGE WARNING!

Please note that the code provided in this tutorial series should not be used in production without ensuring proper security measures and suitability for your specific use case.

Ask for help or give feedback

If you need any assistance or have feedback to share, you can reach out to me through the following channels:

UPDATE #1 - 8 October 2022

Please note that the panva/node-oidc-provider repository has disabled its issue section, which raises concerns about the project's maintenance. Additionally, critical bugs have been observed that require delving into the source code for resolution. While the repository may still serve the purpose of learning the OIDC protocol, caution is advised when using it.

Top comments (2)

web-diy

Hi! Thank you for always answering questions quickly.
I am currently trying to deploy an application on a remote server. And I'm having trouble with that.

The problem arises at the last stage - getting tokens when I try to send a CallBack form. I see in the developer panel that an extra 301 redirect appears. And after it there is an error 500.
I think that the problem appears due to the fact that the OIDC on the server uses HTTPS. The APP uses HTTP.

Please tell me if there are any ideas on how to make this application work correctly on a remote server.

Here are the changed environment variables:
Public REMOTE addresses
PUBLIC_OIDC_ISSUER=testsso.site.com:443
PUBLIC_APP_URL=testsso.site.com:3005
PUBLIC_API_URL=testsso.site.com:3006

And also, an error occurs when registering a user: Internal Server Error

Another such warning appears in the logs:
oidc-provider WARNING: x-forwarded-proto header not detected for an https issuer, you must configure your ssl offloading proxy and the provider, see documentation for more details: https://github.com/panva/node-oidc-provider/tree/v7.14.3/docs/README.md#trusting-tls-offloading-proxies

On the 'localhost', the application works without errors.
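The warning quoted in the comment above comes from the provider seeing plain HTTP on its socket while its issuer is https. The following added example, not code from the post or from node-oidc-provider, models that situation: the TLS-terminating proxy must send X-Forwarded-Proto and the provider must be configured to trust it (the library's documented `provider.proxy = true` setting). Honouring forwarded headers only from listed proxy addresses is this example's own choice, and the `checkIssuerDeployment` helper and sample addresses are constructed for illustration.

```typescript
// Added example (not from the post or node-oidc-provider): models how an https issuer
// behind a TLS-terminating proxy sees requests and why the warning above appears. Trusting
// forwarded headers only from listed proxy addresses is this example's own choice.

type Headers = Record<string, string | undefined>;

interface IncomingRequest {
  remoteAddress: string;     // peer that opened the TCP connection (proxy or client)
  socketEncrypted: boolean;  // true only when TLS terminates in Node itself
  headers: Headers;
}

interface ProxyPolicy {
  trustProxy: boolean;       // plays the role of `provider.proxy = true`
  trustedProxies: string[];  // assumption: forwarded headers honoured only from these peers
}

function issuerScheme(issuer: string): string | null {
  const m = /^([a-z][a-z0-9+.-]*):\/\//i.exec(issuer);
  return m && m[1] ? m[1].toLowerCase() : null;
}

// Scheme the provider will believe the request used; it builds redirect and callback
// URLs from this, so a wrong answer yields http:// URLs for an https issuer.
function effectiveProtocol(req: IncomingRequest, policy: ProxyPolicy): 'http' | 'https' {
  const forwarded = req.headers['x-forwarded-proto'];
  const trusted = policy.trustProxy && policy.trustedProxies.includes(req.remoteAddress);
  if (trusted && forwarded) {
    // Chained proxies may append values ("https, http"); the first is client-facing.
    return (forwarded.split(',')[0] ?? '').trim().toLowerCase() === 'https' ? 'https' : 'http';
  }
  return req.socketEncrypted ? 'https' : 'http';  // headers from untrusted peers are ignored
}

// Lists the deployment problems that would produce the warning (empty = consistent).
function checkIssuerDeployment(issuer: string, req: IncomingRequest, policy: ProxyPolicy): string[] {
  const scheme = issuerScheme(issuer);
  if (scheme !== 'https') {
    return [`issuer must be an absolute https URL such as https://host, got "${issuer}"`];
  }
  if (effectiveProtocol(req, policy) === 'https') return [];
  if (!req.headers['x-forwarded-proto']) return ['proxy does not send X-Forwarded-Proto'];
  if (!policy.trustProxy) return ['provider does not trust the proxy (provider.proxy = true)'];
  return [`X-Forwarded-Proto ignored: ${req.remoteAddress} is not a trusted proxy`];
}

// Constructed sample: proxy 10.0.0.5 terminates TLS and forwards plain HTTP to the provider.
const viaProxy: IncomingRequest = { remoteAddress: '10.0.0.5', socketEncrypted: false,
  headers: { 'x-forwarded-proto': 'https' } };
const proxyPolicy: ProxyPolicy = { trustProxy: true, trustedProxies: ['10.0.0.5'] };
```

Run against the comment's own `PUBLIC_OIDC_ISSUER=testsso.site.com:443`, the check flags the missing scheme before anything else, and a client that sets X-Forwarded-Proto itself without coming through the proxy is ignored.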

Ebrahim Hoseiny Fadae

Sorry, it seems we have lost track of our conversation. If there's still an issue, feel free to email me at ebrahimfae@gmail.com.