CODEWITHSUNDEEP
node.jsoauth-2.0openid
skjindal93
skjindal93

Reputation: 734

NodeJS OpenID Connect Authentication Request

I was trying to implement OpenID-Connect by following the http://openid.net/specs/openid-connect-core-1_0.html. I am stuck on Section 3.1.2.1 It says that the client has to send the authentication request either by GET or by POST. I tried that in node.

Here is my index.js (The Client: Relying Party)

var express = require('express');
var router = express.Router();
var querystring = require('querystring');
var http = require('http');

var id_token = {
    iss : true,
    sub : true,
    aud : true,
    exp : true,
    iat : true,
    auth_time : false,
    nonce : false,
    acr : false,
    amr : false,
    azp : false
};

var auth_request = {
    scope : true,
    response_type : true,
    client_id : true,
    redirect_uri : true,
    state : true,
    response_mode : false,
    nonce : false,
    display : false,
    prompt : false,
    max_age : false,
    ui_locales : false,
    id_token_hint : false,
    login_hint : false,
    acr_values : false
};

/* GET home page. */
router.get('/', function(req, res) {
  res.render('index', { title: 'Express' });
});

router.post('/', function(req, res) {
    var formcontent = req.body;
    if (formcontent.hasOwnProperty("oauth-request")){
        var oauthrequest = querystring.stringify(auth_request);
        var options = {
            host: 'localhost',
            port: 3000,
            path: '/users',
            method: 'POST',
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded',
                'Content-Length': oauthrequest.length
            }
        };

        var req = http.request(options, function(response){
            response.setEncoding('utf8');
            var str = ''
            response.on('data', function (chunk) {
                str += chunk;
            });

            response.on('end', function () {
                console.log(str);

            });
        });
        req.write(oauthrequest);
        req.end();  
    }
});

module.exports = router;

Here is my users code: (The Authentication Server)

var express = require('express');
var router = express.Router();

/* GET users listing. */
router.get('/', function(req, res) {
  res.send('respond with a resource');
});
router.post('/', function(req, res) {
    //console.log(req.body);    
    res.writeHead(200, {"Content-Type": "text/html"}); 
    res.write( 
        "<!DOCTYPE html>" + 
        "<html lang='en' dir='ltr'>" + 
            "<head>" + 
                "<meta charset='utf-8'>" + 
                "<title>Hola Mundo</title>" + 
            "</head>" + 
            "<body>" + 
                "<script type='text/javascript'>alert('Hello World')</script>" + 
            "</body>" + 
            "</html>"); 
    res.end(); 
    //res.send(req.body);
});

module.exports = router;

As it is mentioned in Section 3.1.2.1 that scope attribute of authentication request can be a pop up, so I am supposing that the Authentication should be able to open a pop up asking for a login by the user. But I am not able to open pop up on Authentication Server side. Can somebody help me with the code by opening a pop up which asks for login for the user on the server side or checks if the user is already logged in?

Upvotes: 0

Views: 4059

Answers (1)

Eugenio Pace
Eugenio Pace

Reputation: 14212

There are a lot of missing parts it appears: token endpoints, etc. You might want to take a look at passport.

Take a look at any of the implementations (under Providers) (this one in particular implements OIDC: https://github.com/auth0/passport-auth0, but there're likely others).

The (authz) server side can be then implemented with the oauthorize toolkit.

Upvotes: 1

Related Questions