oidc-client-js | OpenID Connect and OAuth2 protocol support | Authentication library

by IdentityModel | JavaScript | Version: 1.11.5 | License: Apache-2.0

kandi X-RAY | oidc-client-js Summary

oidc-client-js is a JavaScript library typically used in Security, Authentication applications. oidc-client-js has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can install using 'npm i oidc-client-zqy' or download it from GitHub, npm.

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications

            Support

              oidc-client-js has a medium active ecosystem.
              It has 2390 star(s) with 848 fork(s). There are 87 watchers for this library.
              It had no major release in the last 12 months.
              There are 89 open issues and 1063 have been closed. On average issues are closed in 28 days. There are 27 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of oidc-client-js is 1.11.5

            Quality

              oidc-client-js has 0 bugs and 0 code smells.

            Security

              oidc-client-js has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              oidc-client-js code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            License

              oidc-client-js is licensed under the Apache-2.0 License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            Reuse

              oidc-client-js releases are available to install and integrate.
              Deployable package is available in npm.
              Installation instructions, examples and code snippets are available.
              oidc-client-js saves you 172 person hours of effort in developing the same functionality from scratch.
              It has 427 lines of code, 0 functions and 178 files.
              It has low code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed oidc-client-js and discovered the below as its top functions. This is intended to give you an instant insight into oidc-client-js implemented functionality, and help decide if they suit your requirements.
            • X509 X509 certificate .
            • Get JWT from JWT .
            • Create a new signRequest object .
            • Initialize OIDClient settings .
            • WritableStream state of a stream .
            • Creates an async iterator .
            • Invoke generator .
            • Evaluate the return iterator .
            • Asynchronously read a stream .
            • Create a user manager

            Community Discussions

            QUESTION

            Merging NPM dependency with a Vue.js JavaScript Project
            Asked 2022-Feb-11 at 19:40

            For a particular case in a Vue.js and JavaScript project, an NPM package dependency has to be merged with the current JavaScript code base.

            In that specific case, the NPM package should not be part of the node_modules folder anymore but rather be part of the JavaScript code itself.

            In that case as both codebases will grow together in the future. (Independently from the original NPM package and not as a Fork)

            How can I merge or fuse an NPM package into a JavaScript project?

            Additional Details:

            • The library that needs to be merged is OIDC client. It's an open source project "Archived" by its author (so no possibility to create a pull request for a new release).
            • It is used to create an SSO for an internal project. This library has been retained by the architect for the specific needs of the project and there is no other option than this one.
            • There is no "internal package manager" available in this company
            • I don't want to host the fork on my personal Github and manage the package on NPM website
            ...

            ANSWER

            Answered 2022-Feb-11 at 19:40

            After many attempts to solve this problem, it turns out that Patch-Package does the best job of merging a dependency by simply patching over it instead of forking.

            The syntax is pretty simple and it integrates very well with NPM:

            1. Installation: npm i patch-package

            2. Modify the code of your dependency directly in node_modules folder

            3. Run npx patch-package some-package where some-package is the name of your package to patch

            Documentation: https://github.com/ds300/patch-package

            Source https://stackoverflow.com/questions/70746340

            QUESTION

            LogoutRequest has no PostLogoutRedirectUri in it when using React.js app with ... library
            Asked 2021-Dec-28 at 12:44

            I have an Identity Server 4 instance running at https://localhost:5443/ and a client React.js application running at http://localhost:3000/ and making a reference to the oidc-client library in order to establish the communication. I've been following more or less this article.

            The way I've configured the client (in-memory) on the Identity Server is as follows:

            ...

            ANSWER

            Answered 2021-Dec-28 at 12:44

            You do not provide an idTokenHint (id token) with your logout request like the following:

            Source https://stackoverflow.com/questions/70499628

            QUESTION

            oidc-client-js always redirects to login page
            Asked 2021-Nov-20 at 13:02

            I am working on a project to set up OIDC authentication on a React SPA (authorization code with PKCE). I am working with the oidc-client-js library. My code works fine but after being authenticated I am again redirected to the login pattern. I looked at the React Router side but that doesn't seem to be it. I am thinking of an asynchronous problem but I can't seem to get out of it. Can you help me please?

            Thanks in advance

            My configuration

            ...

            ANSWER

            Answered 2021-Nov-19 at 14:15

            You need to put tighter control over when signInRedirect is called, based on whether userManager.getUser returns anything. I would start with this approach:

            • When the page loads, render the logged in state to a label on screen: true or false
            • Use a temporary login button to trigger sign in redirects rather than doing it automatically in useEffect

            Once that is reliable you can put back the onLoad automatic redirect. If it helps, here is some code of mine to compare against - you can run this code sample very easily also.

            Source https://stackoverflow.com/questions/70032731

            QUESTION

            Using IdentityServer4/5 without Angular additional libraries
            Asked 2021-Sep-26 at 11:20
            Background

            I check options to migrate my service authentication system to identityserver4\5. I have two websites:

            ...

            ANSWER

            Answered 2021-Sep-26 at 11:20

            If you run an SPA, your best bet is oidc-client.

            But the tutorials you have read that suggest client_id/secret auth are nonsense. No, it is not safe to have a client secret in an SPA app.

            For that reason you have the Auth Code + PKCE Flow. AuthCode + PKCE (Proof of Key Code Exchange) works like Auth Code flow (client_id + secret + a code to obtain the token), but the secret is generated per request (see here). This solves the issue of having a static secret and prevents replay attacks.

            In the past Hybrid Flow, which would return the token in the redirect request from the Identity Server (after logging in and when being redirected back to your website) but this is the recommended approach anymore as Auth Code + PKCE is the more secure approach.

            You can't use a code flow based in the backend in an SPA, because the backend doesn't know the credentials and asking user to directly type in the credentials instead of redirecting them to the identity server is less secure (and less trustworthy since your app has to actually see the credentials) than interactive flows (that redirect you to the Identity Server login page)

            Source https://stackoverflow.com/questions/69334283
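The Auth Code + PKCE exchange discussed in the answer above, as an added example that is not from the original answer or from oidc-client-js. In RFC 7636 terms the per-request secret is the `code_verifier`; `ToyAuthorizationServer`, the client id and the redirect URI are hypothetical names used only for this sketch.

```javascript
const crypto = require('crypto');

// RFC 7636 uses base64url without padding.
function base64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Client: a fresh high-entropy verifier per authorization request (32 bytes -> 43 chars).
function createVerifier() {
  return base64url(crypto.randomBytes(32));
}

// S256 transform: BASE64URL(SHA256(ASCII(code_verifier))).
function challengeFor(verifier) {
  return base64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Client: only the challenge travels in the front-channel redirect; the verifier stays local.
function buildAuthorizationRequest(clientId, redirectUri) {
  const verifier = createVerifier();
  const query = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    code_challenge: challengeFor(verifier),
    code_challenge_method: 'S256',
  }).toString();
  return { verifier, query };
}

// Hypothetical in-memory authorization server, reduced to the PKCE check.
class ToyAuthorizationServer {
  constructor() { this.codes = new Map(); }

  // Authorization endpoint: bind the challenge to the code it issues.
  issueCode(query) {
    const params = new URLSearchParams(query);
    if (params.get('code_challenge_method') !== 'S256') return null; // refuse "plain"
    const code = base64url(crypto.randomBytes(16));
    this.codes.set(code, params.get('code_challenge'));
    return code;
  }

  // Token endpoint: the code is single-use and redeemable only with the matching verifier.
  redeem(code, verifier) {
    const challenge = this.codes.get(code);
    this.codes.delete(code);
    if (!challenge || !/^[A-Za-z0-9._~-]{43,128}$/.test(String(verifier))) {
      return { error: 'invalid_grant' };
    }
    const expected = Buffer.from(challenge);
    const actual = Buffer.from(challengeFor(verifier));
    const ok = expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
    return ok ? { access_token: 'constructed-demo-token' } : { error: 'invalid_grant' };
  }
}
```

An authorization code captured from the redirect is useless on its own here: redeeming it without the verifier held by the original client returns `invalid_grant`, and the failed attempt also burns the code.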

            QUESTION

            Which OpenId Grant Type should I use in MVC application? Code? Client Credentials?
            Asked 2020-Nov-10 at 04:11

            With ASP.NET Core 5, Angular 10 and Identity Server 4 I created 4 applications:

            1. Auth using Identity Server 4;
            2. Asp.Net Core 5 API
            3. Asp.Net Core 5 MVC
            4. Angular 10 SPA

            On the Angular application (4) I am using OIDC Client JS and Code Grant Type.

            The Asp.Net Core 5 MVC application (3) also needs to access the API ...

            I am using Identity Model but what Grant Type should I use in MVC application?

            Code as in the Angular application (Is this possible?)? Client Credentials?

            ...

            ANSWER

            Answered 2020-Nov-10 at 04:11
            1. If you log in the user on the MVC application and you want to call the API on behalf of the user, use the Code flow. In this case the only difference between the MVC and Angular apps is that Asp.Net Core 5 MVC is a confidential client and you can use the Code flow. But the Angular 10 SPA client is a public client and you should use Code + PKCE. It is, though, recommended to use PKCE in both cases.

            2. If you just call an API through MVC as the app itself and not on behalf of the user, you can use the Client Credentials flow. This flow is for server to server scenarios and it is secure. In this case you should do authorization for the MVC app as well.

            Source https://stackoverflow.com/questions/64751564

            QUESTION

            OIDC js library response cookies are not stored and not attaching for subsequent requests
            Asked 2020-Oct-27 at 23:14

            I am using authcodeflow with PKCE.

            Using the OIDC js library in the frontend, making calls to ADFS, getting an auth code and then calling my backend API. The backend API, which calls the ADFS server, gets the access token and returns the token as a cookie to the frontend. I can see the cookie in the response headers, but that cookie is not stored in the browser and is not added to subsequent requests. I have tried SameSite with all modes (Lax, None, Strict, and not set). Is this an issue with the OIDC js library or is it blocking the cookies from being stored in the browser?

            Update: Below are the observations with my analysis. Since oidc-client-js does not have an option to set the flag "withCredentials" to true for the requests, no cookies are sent in the request and response cookies are ignored for cross-origin requests. These changes are marked as an enhancement and are still not completed in their GitHub repo. https://github.com/IdentityModel/oidc-client-js/issues/1062

            Is there any way to achieve with this library? or any other libraries for OIDC js

            https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials

            ...

            ANSWER

            Answered 2020-Oct-27 at 23:14

            So you are issuing a cookie from an API domain that is a sibling of the WEB domain:

            • web.mycompany.com
            • api.mycompany.com
            • Cookie domain = .mycompany.com

            POSSIBLE CAUSES FOR COOKIE BEING DROPPED

            Maybe it is the withCredentials flag or maybe due to a lack of user gesture, since the user has not done anything explicit to navigate to api.mycompany.com, such as a browser navigation or clicking a link?

            FORCING WITHCREDENTIALS

            You can override the prototype like this in order to add the withCredentials property. This is a little hacky but you could limit usage based on the URL and it should let you know whether setting withCredentials resolves your problem:

            Source https://stackoverflow.com/questions/64459362

            QUESTION

            identityserver4 adding api resource causing unauthorized requests
            Asked 2020-Oct-06 at 12:28

            I have an application that is using IdentityServer4 for authentication, Angular 10 (with oidc-client-js) for the front-end and an ASP.NET Core API as the resource API. Everything was working fine until I added the following line to the API startup configuration; then after log in all my requests were returning 401.

            ...

            ANSWER

            Answered 2020-Oct-06 at 12:28

            The best practice is to keep your IdentityServer on a separate service, just so that you can reason about how it all works. When it is in one place, it's really hard to understand what is going on. I would start with a separate IdentityServer, and then merge when it works and when you fully understand what is going on.

            If you get the "You must either set Authority or IntrospectionEndpoint" exception in your API, then the Authority is not properly set. You have the source code for the exception here.

            In your Api startup, I would also set the default authentication scheme to:

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

            See this page:

            Source https://stackoverflow.com/questions/64219938

            QUESTION

            How to make Angular Client to inform Identity Server which login method to use?
            Asked 2020-Sep-17 at 16:53

            I am using IdentityServer 4 with an Angular 10 client that uses OIDC Client JS:

            To redirect a user for signin I am calling signinRedirect on the Angular's client:

            ...

            ANSWER

            Answered 2020-Sep-17 at 16:53

            It is possible to send a message to the identity provider using oidc-client by using the args parameter of signinRedirect method.

            If you take a look at oidc-client-js/src/SigninRequest.js from their github repository, you can see that you can supply the following optional parameters to the aforementioned method:

            • data,
            • prompt,
            • display,
            • max_age,
            • ui_locales,
            • id_token_hint,
            • login_hint,
            • acr_values,
            • resource,
            • response_mode,
            • request,
            • request_uri,
            • extraQueryParams,
            • request_type,
            • client_secret,
            • extraTokenParams,
            • skipUserInfo

            Later in the code, on line 75 of this file version, they have this:

            Source https://stackoverflow.com/questions/63941089

            QUESTION

            Angular SPA with identity server and oidc-client-js: is there a pattern to trigger login when the application starts (without using a login button)?
            Asked 2020-Sep-15 at 13:16

            I'm working with an angular 8 SPA, and I'm trying to use the oidc-client-js library to handle the user authentication. The identity provider is implemented by using identity server 4.

            Our desired user experience is the following: when the SPA is loaded in the browser, without requiring any kind of user interaction, the login flow is started. Put in other words, we would like to trigger the login flow automatically and to avoid the need for an explicit login button in the first view of the application.

            The AppComponent is the first component loaded in our application and it has the following init method:

            ...

            ANSWER

            Answered 2020-Sep-10 at 17:47

            REQUIREMENTS

            There are 2 main aspects to making this work. It is a design pattern really, and can be implemented in any language:

            • Trigger login redirects based on whether you can get data from APIs
            • Handle the login response as part of your page load, which then makes tokens available for calling APIs, avoiding further redirects

            You'll have to figure out the Angular specifics, since I don't know that framework. I hope this gives you a few useful pointers though.

            RESOURCES OF MINE

            The code below uses plain Typescript, and you'd need to translate that to your preferred Angular syntax.

            My blog also has some more advanced samples if useful, on stuff like silent token renewal - and a Quick Start Page where you can run an online React sample with the above behaviour.

            Source https://stackoverflow.com/questions/63834125

            QUESTION

            Claims on Server and on Client do not match
            Asked 2020-Jun-23 at 22:11

            With IdentityServer 4 v4.0 and Asp.Net Core Identity 3.1 I get the claims after login:

            ...

            ANSWER

            Answered 2020-Jun-23 at 22:11
            • For the first Question try replacing ClaimTypes.Role by JwtClaimTypes.Role.
            • Regarding the second question isn't your username the same as your Email?

            Edit:

            In your ProfileService constructor inject IUserClaimsPrincipalFactory and apply the following changes to your GetProfileDataAsync() function:

            Source https://stackoverflow.com/questions/62541908

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install oidc-client-js

            Node.js v4.4 or later required. NOTE: if you're not already using babel-polyfill make sure you run npm install --save babel-polyfill as well. Then include it in your build.

            Support

            All are welcome on the issue tracker.
            Find more information at:

            CLONE
          • HTTPS

            https://github.com/IdentityModel/oidc-client-js.git

          • CLI

            gh repo clone IdentityModel/oidc-client-js

          • sshUrl

            git@github.com:IdentityModel/oidc-client-js.git