mirror of https://github.com/authelia/authelia.git
4.8 KiB
4.8 KiB
| title | description | summary | date | draft | images | weight | toc | support | seo | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Express.js | Integrating Express.js with the Authelia OpenID Connect 1.0 Provider. | 2024-04-18T11:00:43+10:00 | false | 620 | true |
|
|
Tested Versions
{{% oidc-common %}}
Assumptions
This example makes the following assumptions:
- Application Root URL:
https://express.{{< sitevar name="domain" nojs="example.com" >}}/ - Authelia Root URL:
https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/ - Client ID:
Express.js - Client Secret:
insecure_secret
Some of the values presented in this guide can automatically be replaced with documentation variables.
{{< sitevar-preferences >}}
Configuration
Authelia
The following YAML configuration is an example Authelia client configuration for use with Express.js which will operate with the application example:
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- client_id: 'Express.js'
client_name: 'Express.js App'
client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: 'two_factor'
require_pkce: true
require_pushed_authorization_requests: true
redirect_uris:
- 'https://express.{{< sitevar name="domain" nojs="example.com" >}}/callback'
scopes:
- 'openid'
- 'profile'
- 'email'
- 'groups'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
Application
To configure Express.js to utilize Authelia as an OpenID Connect 1.0 Provider:
Project Initialization
mkdir authelia-example && cd authelia-example && npm init -y && npm install express express-openid-connect
Create The Application
This application example assumes you're proxying the Node service with a proxy handling TLS termination for
https://express.{{< sitevar name="domain" nojs="example.com" >}}.
"use strict";
const express = require('express');
const { auth, requiresAuth } = require('express-openid-connect');
const { randomBytes } = require('crypto');
const app = express();
app.use(
auth({
authRequired: false,
baseURL: `${process.env.APP_BASE_URL || 'https://express.{{< sitevar name="domain" nojs="example.com" >}}'}/callback`,
secret: process.env.SESSION_ENCRYPTION_SECRET || randomBytes(64).toString('hex'),
clientID: process.env.OIDC_CLIENT_ID || 'Express.js',
clientSecret: process.env.OIDC_CLIENT_SECRET || 'insecure_secret',
clientAuthMethod: 'client_secret_basic',
issuerBaseURL: process.env.OIDC_ISSUER || 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}',
pushedAuthorizationRequests: true,
authorizationParams: {
response_type: 'code',
scope: 'openid profile email groups',
},
})
);
app.get('/', requiresAuth(), (req, res) => {
req.oidc.fetchUserInfo().then((userInfo) => {
const data = JSON.stringify(
{
accessToken: req.oidc.accessToken,
refreshToken: req.oidc.refreshToken,
idToken: req.oidc.idToken,
claims: req.oidc.idTokenClaims,
scopes: req.oidc.scope,
userInfo,
}, null, 2);
res.send(`<html lang='en'><body><pre><code>${data}</code></pre></body></html>`);
});
});
app.listen(3000, function () {
console.log("Listening on port 3000")
});
Environment Example:
APP_BASE_URL=https://express.{{< sitevar name="domain" nojs="example.com" >}}
SESSION_ENCRYPTION_SECRET=
OIDC_ISSUER=https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}
OIDC_CLIENT_ID=Express.js
OIDC_CLIENT_SECRET=insecure_secret
See Also
- express-openid-connect API Reference Guide