Optum/openid-client-server

openid-client-server

An OpenID Relying Party (RP, Client) application server.

This module leverages the openid-client module to implement a web server that secures any Web UI framework that can be hosted by Node.js with Authorization Code Flow (optional Proof Key), Implicit Flow or Hybrid Flow. The module also provides configurable proxy endpoints that include the user token automatically in requests to API endpoints, as well as session management, making it easier to create Web UIs that are "secure by default".

Install

with npm

$ npm install @optum/openid-client-server

with yarn

$ yarn add @optum/openid-client-server

Usage

Options

The resolveOptions function will leverage environment variables to auto-build all options with defaults. It can be imported in the server setup module via import {resolveOptions} from '@optum/openid-client-server'.

For more info see the .env.example file.

clientServer

Use the clientServer function to create an HTTP server with an integrated openid-client and all features in @optum/openid-client-server.

With a Promise

import {IncomingMessage, ServerResponse} from 'http'
import {clientServer} from '@optum/openid-client-server'

import handle from 'serve-handler'

const port = parseInt(process.env.NEXT_SERVER_PORT ?? '8080', 10)

const serveHandler = async (
    req: IncomingMessage,
    res: ServerResponse
): Promise<void> => {
    // Await serve-handler so a rejection surfaces through this handler's promise
    await handle(req, res, {
        headers: [
            {
                source: '**/*.*',
                headers: [
                    {
                        key: 'Cache-Control',
                        value: 'max-age=0'
                    }
                ]
            }
        ]
    })
}

clientServer({
    contentHandler: serveHandler
})
    .then(server =>
        server.listen(port, () => {
            console.log(`> Ready on http://localhost:${port}`)
        })
    )
    .catch(error => {
        console.log('Static content server failed to start')
        console.error(error)
    })

With Async/Await

import {IncomingMessage, ServerResponse} from 'http'
import {clientServer} from '@optum/openid-client-server'

import handle from 'serve-handler'

const port = parseInt(process.env.NEXT_SERVER_PORT ?? '8080', 10)

;(async (): Promise<void> => {
    try {
        const serveHandler = async (
            req: IncomingMessage,
            res: ServerResponse
        ): Promise<void> => {
            // Await serve-handler so a rejection surfaces through this handler's promise
            await handle(req, res, {
                headers: [
                    {
                        source: '**/*.*',
                        headers: [
                            {
                                key: 'Cache-Control',
                                value: 'max-age=0'
                            }
                        ]
                    }
                ]
            })
        }

        const server = await clientServer({contentHandler: serveHandler})

        server.listen(port, () => {
            console.log(`> Ready on http://localhost:${port}`)
        })
    } catch (error) {
        console.log('Static content server failed to start')
        console.error(error)
    }
})()

For a Next.js example, see: examples/nextjs file

Background

The original goal of this module was to provide an easy way to implement OpenID flows with Next.js applications via a custom Next.js server. There were issues leveraging frameworks like Koa.js for "easy wins" in session management and out-of-the-box middleware, so tides turned to using Node's core http module. The result ended up working for any Web UI that could be served by Node.js, so here we are.

Development

Environment

  • Node.js is required to develop this module. Please install the latest LTS version if you haven't already.
  • Module dependencies are managed with Yarn. Please install it if you haven't already.
    $ npm i -g yarn

Editors

VS Code

IntelliJ