Node Library
To authenticate and use your app with the IDPartner API, install the node-idpartner node module.
To create an OAuth Confidential Client using the IDPartner APIs, we created a Node module that makes it easy to get started quickly.
To install the module using NPM:
npm install @idpartner/node-oidc-client
Or Yarn:
yarn add @idpartner/node-oidc-client
Include the @idpartner/node-oidc-client module within your script and instantiate it with a config:
const IDPartner = require('@idpartner/node-oidc-client');
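const fs = require('fs');

// jwks.json is the client's own key set. The `jwks` option is documented on
// this page as holding private as well as public keys, so treat the file as a
// secret: keep it out of version control and readable only by the account the
// application runs as.
const rawJWKS = fs.readFileSync('jwks.json', 'utf8');
const jwks = JSON.parse(rawJWKS);

// The constructor needs a config object; calling it without one is an error.
const idPartner = new IDPartner({
  jwks,
  client_id: '128ecf542a35ac5270a87dc740918404',
  callback: 'https://myapplication.com/auth/callback',
});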
For example:
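const jose = require('node-jose');

/**
 * Generates the client's key set: one RSA key for decryption and one for
 * signing.
 *
 * keyStore.generate() returns a promise, so both keys must be awaited before
 * the store is exported; otherwise the exported set can be missing keys.
 *
 * @returns {Promise<object>} JWKS that INCLUDES the private keys
 *   (toJSON(true)). Store it as a secret, readable only by the application,
 *   and never serve or log it; publish only the public half.
 */
async function generateJWKS() {
  const keyStore = jose.JWK.createKeyStore();
  await keyStore.generate('RSA', 2048, { alg: 'RSA-OAEP', enc: 'A256CBC-HS512', use: 'enc' });
  await keyStore.generate('RSA', 2048, { alg: 'PS256', use: 'sig' });
  // `true` asks for private key material to be included in the export.
  return keyStore.toJSON(true);
}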
Instantiating an IDPartner instance without a config object will result in an error.
Set up your IDPartner as above and pass the following configuration options in:
{
client_id: "Your application's client ID",
callback: 'The location you want the app to return to on success',
jwks: 'Private/public keys used to verify and decrypt any JSON Web Token (JWT) issued by the identity provider authorization server'
}
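const fs = require('fs');
const express = require('express');
const IDPartner = require('@idpartner/node-oidc-client');

const router = express.Router();

// jwks.json carries the client's private keys as well as the public ones
// (see the `jwks` option description), so it must stay server-side: keep it
// out of version control and restrict read access to the application user.
const rawJWKS = fs.readFileSync('jwks.json', 'utf8');
const jwks = JSON.parse(rawJWKS);

const idPartner = new IDPartner({
  jwks,
  client_id: 'mXzJ0TJEbWQb2A8s1z6gq',
  callback: 'https://myapplication.com/auth/callback',
});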
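// Publishes the client's public keys. The handler must be `async` because it
// awaits the library call, and errors are handed to Express via next().
router.get('/jwks', async (req, res, next) => {
  try {
    // Named distinctly from the module-level `jwks`, which includes private
    // keys and must never be written to a response.
    const publicJwks = await idPartner.getPublicJWKs();
    res.send(publicJwks);
  } catch (err) {
    next(err);
  }
});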
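// Starts the sign-in flow by redirecting the browser to the authorization URL.
// Reads and writes req.session, so session middleware must be installed
// before this router.
router.get('/auth', async (req, res, next) => {
  try {
    const scope = ['openid', 'email', 'profile'];

    // Proofs are generated per request and kept server-side in the session.
    // NOTE(review): presumably these are the state/nonce/PKCE values that the
    // callback handler has to check against the response; confirm in the
    // library documentation and make sure the callback does verify them.
    req.session.idp_proofs = idPartner.generateProofs();

    // req.query is caller-controlled and is forwarded as-is.
    // NOTE(review): confirm which query parameters getAuthorizationUrl reads
    // and how it validates them before they influence the redirect target.
    const authorizationUrl = await idPartner.getAuthorizationUrl(
      req.query,
      req.session.idp_proofs,
      scope,
    );
    res.redirect(authorizationUrl);
  } catch (err) {
    next(err);
  }
});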