ndi-login

Helper library for using Singapore NDI Singpass/Corpass login.

API Documentation

Install via NPM

npm install ndi-login

Import

import { NdiLogin } from 'ndi-login';

or

const { NdiLogin } = require('ndi-login');

Create instance

const ndiLogin = new NdiLogin({
  issuer: 'https://stg-id.singpass.gov.sg',
  clientId: 'YOUR_CLIENT_ID',
  clientAssertionJwk: {
    // JWK for signing/verifying client assertion in JSON format
  },
  idTokenJwk: {
    // JWK for encrypting/decrypting ID token in JSON format
  },
});

Generate authorization URI

const uri = await ndiLogin.generateAuthorizationUri({ redirectUri, codeChallenge, state, nonce })

Backchannel authentication

const clientAssertion = await ndiLogin.generateClientAssertion();
const { authReqId } = await ndiLogin.backchannelAuthenticate({ clientAssertion, uin })

Exchange for tokens with authorization code

const clientAssertion = await ndiLogin.generateClientAssertion();
const { idToken } = await ndiLogin.getTokens({ clientAssertion, code, redirectUri, codeVerifier });
const { sub } = await ndiLogin.getIdTokenClaims(idToken);
const { uin } = NdiLogin.parseIdTokenSub(sub);

Exchange for tokens with backchannel authentication request ID

const clientAssertion = await ndiLogin.generateClientAssertion();
const { idToken } = await ndiLogin.getTokens({ clientAssertion, authReqId });
const { sub } = await ndiLogin.getIdTokenClaims(idToken);
const { uin } = NdiLogin.parseIdTokenSub(sub);

Get your (relying party) JWKS to expose to NDI

const jwks = await ndiLogin.getRpJwks();

Utility method to generate a new pair of JWK for you (relying party)

const { clientAssertionJwk, idTokenJwk } = await NdiLogin.generateRpJwks();

Utility methods for PKCE

const codeVerifier = NdiLogin.generateCodeVerifier();
const codeChallenge = NdiLogin.generateCodeChallege(codeVerifier);

Utility methods for random values

const state = NdiLogin.generateState();
const nonce = NdiLogin.generateNonce();