@boundstate/hapi-oidc-auth

OpenID Connect auth for Hapi

Readme

hapi-oidc-auth

OpenID Connect auth plugin for hapi.

Uses token introspection to verify tokens and get their details.

npm install @boundstate/hapi-oidc-auth

Usage

import * as Hapi from '@hapi/hapi';
import {hapiOidcAuth} from '@boundstate/hapi-oidc-auth';

const server = new Hapi.Server();

await server.register({
  plugin: hapiOidcAuth,
  options: {
    issuer: 'https://sso.example.com',
    clientMetadata: {
      client_id: 'my-app-id',
      client_secret: 'my-app-secret',
    },
  },
});

Dynamic client registration

Instead of specifying the client id and secret, you may provide configuration for dynamic registration:

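import * as fs from 'fs';

// Hypothetical path. The saved file is loaded back as clientMetadata, which
// carries client_id and client_secret, so keep it private and out of version control.
const oidcMetadataPath = './oidc-client.json';

await server.register({
  plugin: hapiOidcAuth,
  options: {
    issuer: 'https://sso.example.com',
    // Reuse the stored registration if one exists
    clientMetadata: fs.existsSync(oidcMetadataPath)
      ? JSON.parse(fs.readFileSync(oidcMetadataPath, {encoding: 'utf8'}))
      : undefined,
    dynamicRegistration: {
      initialAccessToken: 'secret',
      clientMetadata: {
        grant_types: […],
        redirect_uris: […],
        response_types: […],
      },
      onRegistered: (metadata: HapiOidcClientMetadata) => {
        // Persist the registration; owner-only permissions when the file is created
        fs.writeFileSync(oidcMetadataPath, JSON.stringify(metadata, null, 2), {mode: 0o600});
      },
    },
  },
});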

Plugin options

  • issuer: OpenID provider URL (used for discovery)
  • allowQueryToken: (optional, default: false) accept token via query parameter
  • clientMetadata: (optional) Client metadata
    • client_id: Client ID
    • client_secret: Client secret
  • dynamicRegistration: (optional) dynamic registration options
    • initialAccessToken: access token used for registration
    • clientMetadata: Client metadata for registration
    • verify: (optional, default: false) verify client when server starts and attempt registration if necessary
    • onRegistered: callback when registration succeeds
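
The introspection step and the allowQueryToken option described above, shown as an added example that follows RFC 7662 and RFC 6750; it is not the plugin's own code. The function names, the `access_token` query parameter name and the endpoint URL are assumptions.

```javascript
// Added illustration of RFC 7662 token introspection; not the plugin's source.
// Assumption: the query parameter is named "access_token" (RFC 6750).

// Pull the bearer token from a request-like object {headers, url}.
function extractToken(request, { allowQueryToken = false } = {}) {
  const header = request.headers.authorization || '';
  const match = /^Bearer +([A-Za-z0-9\-._~+/]+=*)$/i.exec(header);
  if (match) return match[1];
  // Default off: a token in the URL ends up in access logs and browser history.
  if (!allowQueryToken) return null;
  return new URL(request.url, 'http://localhost').searchParams.get('access_token');
}

// Build the POST a resource server sends to the provider's introspection endpoint.
function buildIntrospectionRequest(endpoint, client, token) {
  const enc = encodeURIComponent;
  const pair = `${enc(client.client_id)}:${enc(client.client_secret)}`;
  return {
    url: endpoint,
    method: 'POST',
    headers: {
      authorization: `Basic ${Buffer.from(pair).toString('base64')}`,
      'content-type': 'application/x-www-form-urlencoded',
      accept: 'application/json',
    },
    body: new URLSearchParams({ token, token_type_hint: 'access_token' }).toString(),
  };
}

// Map the JSON reply to credentials; null means the request must be rejected.
function credentialsFromIntrospection(reply, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!reply || reply.active !== true) return null; // "active" is the only required member
  if (typeof reply.exp === 'number' && reply.exp <= nowSeconds) return null;
  const scope = typeof reply.scope === 'string' ? reply.scope.split(' ').filter(Boolean) : [];
  return { sub: reply.sub, clientId: reply.client_id, scope };
}

// Constructed sample values (not from a real provider).
const sampleRequest = buildIntrospectionRequest(
  'https://sso.example.com/introspect', // hypothetical endpoint; the real one comes from discovery
  { client_id: 'my-app-id', client_secret: 'my-app-secret' },
  extractToken({ headers: { authorization: 'Bearer tok-123' }, url: '/api' })
);
console.log(sampleRequest.method, sampleRequest.url, sampleRequest.body);
```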
