18f / identity-oidc-expressjs
An example Login.gov client application which authenticates users via OpenID Connect (OIDC). Built with Node.js, Express.js, and Passport.js.
License: Other
Add a CONTRIBUTING.md file, with adapted content from the 18F default.
When following the setup instructions I receive:
Redirect uri redirect_uri does not match registered redirect_uri
Unable to test authentication.
As described in the README, there is an issue with the way the openid-client package interacts with a locally-running identity-idp instance.
Error:
{ RequestError: connect ECONNREFUSED 127.0.0.1:3000
at ClientRequest.req.once.err (/Users/username/projects/my-identity-sp/node_modules/openid-client/node_modules/got/index.js:219:22)
at Object.onceWrapper (events.js:315:30)
at emitOne (events.js:121:20)
at ClientRequest.emit (events.js:211:7)
at Socket.socketErrorListener (_http_client.js:387:9)
at emitOne (events.js:116:13)
at Socket.emit (events.js:211:7)
at emitErrorNT (internal/streams/destroy.js:64:8)
at _combinedTickCallback (internal/process/next_tick.js:138:11)
at process._tickCallback (internal/process/next_tick.js:180:9)
name: 'RequestError',
code: 'ECONNREFUSED',
host: 'localhost:3000',
hostname: 'localhost',
method: 'GET',
path: '/.well-known/openid-configuration',
protocol: 'http:',
url: 'http://localhost:3000/.well-known/openid-configuration' }
Right now there are certain workarounds for the issue (namely, running identity-idp with rails s -b 0.0.0.0 instead of make run), but this encumbers the full functionality of identity-idp, requiring additional work-arounds for the account creation process and the LOA3 setup process.
I have filed an issue with the openid-client package in hopes of learning more about how to resolve the issue.
Change License to Public Domain: https://github.com/18F/open-source-policy
As described in the README, this application should allow the user to additionally/alternatively authenticate against the integration server (https://idp.int.login.gov/).
The application should check the value of an environment variable called LOGIN_GOV_DISCOVERY_URL and use that value during discovery.
Right now this application's credentials are waiting to be merged and deployed to the integration server, but it should be possible to develop this feature in the meantime using the example Sinatra application's credentials.
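One way to read and validate the discovery URL before using it, as an added example that is not code from this repository. The default of the local identity-idp instance and the two-host allowlist are assumptions drawn from the addresses mentioned on this page; the function names are hypothetical.

```javascript
// Added example: the issuer chosen here decides whose tokens the app trusts,
// so the environment value is validated before discovery runs.
const DEFAULT_DISCOVERY_URL = 'http://localhost:3000'; // assumed default: local identity-idp
const ALLOWED_HOSTS = new Set(['localhost:3000', 'idp.int.login.gov']); // assumed allowlist

function resolveDiscoveryUrl(env = process.env) {
  const raw = env.LOGIN_GOV_DISCOVERY_URL || DEFAULT_DISCOVERY_URL;
  let url;
  try {
    url = new URL(raw);
  } catch {
    throw new Error(`LOGIN_GOV_DISCOVERY_URL is not a valid URL: ${raw}`);
  }
  if (url.username || url.password) {
    throw new Error('LOGIN_GOV_DISCOVERY_URL must not contain credentials');
  }
  // Plain http is tolerated only for the local development instance.
  const isLocal = url.hostname === 'localhost';
  if (url.protocol !== 'https:' && !(isLocal && url.protocol === 'http:')) {
    throw new Error(`refusing non-HTTPS discovery URL: ${url.origin}`);
  }
  // Exact host match, so look-alike names such as idp.int.login.gov.example.test fail.
  if (!ALLOWED_HOSTS.has(url.host)) {
    throw new Error(`discovery host not allowed: ${url.host}`);
  }
  return url.origin;
}

// Location of the discovery document for the selected issuer.
function discoveryDocumentUrl(env = process.env) {
  return `${resolveDiscoveryUrl(env)}/.well-known/openid-configuration`;
}
```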
After authentication, when the URL comes back to localhost, I see the following error in the browser:
id_token issued in the future
AssertionError [ERR_ASSERTION]: id_token issued in the future
at Client.validateIdToken (D:\Work\login\node_modules\openid-client\lib\client.js:469:7)
at grant.then.then.tokenset (D:\Work\login\node_modules\openid-client\lib\client.js:333:32)
at process._tickCallback (internal/process/next_tick.js:68:7)
I am using the Sandbox Environment to test this. Please help me as to what can be done to fix this.
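The assertion above is raised when the token's iat claim is later than the client's current time, which usually means the clock on the machine running the client is behind the identity provider's. The sketch below is an added example, not code from openid-client or this repository; it reproduces that check with a configurable tolerance, and the function names and sample token are constructed.

```javascript
// Added example: decode the claims of a compact JWT for diagnostics only.
// No signature verification happens here.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// The "issued in the future" check: iat may be ahead of the local clock by at
// most toleranceSeconds. aheadBy is positive when the local clock is behind.
function checkIssuedAt(claims, nowSeconds, toleranceSeconds = 0) {
  if (!Number.isFinite(claims.iat)) {
    throw new Error('id_token has no numeric iat claim');
  }
  const aheadBy = claims.iat - nowSeconds;
  if (aheadBy > toleranceSeconds) {
    return { ok: false, aheadBy, reason: 'id_token issued in the future' };
  }
  return { ok: true, aheadBy, reason: null };
}

// Constructed sample token (placeholder signature) for trying the check offline.
function makeSampleToken(iat) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const header = enc({ alg: 'RS256', typ: 'JWT' });
  const payload = enc({ iss: 'https://idp.int.login.gov', iat });
  return `${header}.${payload}.constructed-signature`;
}

// Compare a token's iat with a given clock reading (defaults to this machine's).
function diagnose(jwt, toleranceSeconds = 0, nowSeconds = Math.floor(Date.now() / 1000)) {
  return checkIssuedAt(decodeClaims(jwt), nowSeconds, toleranceSeconds);
}
```

A tolerance of a few seconds absorbs normal drift; a large aheadBy value points at an unsynchronised system clock, which is better corrected at the operating-system level than hidden by a wide tolerance.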
@s2t2 Hi Mike, I was interested in knowing if there is any way to integrate Login.gov with React or Angular apps, something similar to Google Login, as I was looking at the documentation but can't find anything related.
Remove the fork relationship between this repo and the personal repo.
Right now, the logout link signs the user out of this application, but does not also sign them out of login.gov. There are situations where this is desirable; however, there are also situations where it would be desirable to also sign the user out of login.gov. For demonstration purposes, this application should present the user with an option to do either.
See: https://developers.login.gov/openid-connect/#logout-request for information about making the logout request:
https://idp.int.login.gov/openid_connect/logout?
id_token_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJiMmQyZDExNS0xZDdlLTQ1NzktYjlkNi1mOGU4NGY0ZjU2Y2EiLCJpc3MiOiJodHRwczovL2lkcC5pbnQubG9naW4uZ292IiwiYWNyIjoiaHR0cDovL2lkbWFuYWdlbWVudC5nb3YvbnMvYXNzdXJhbmNlL2xvYS8xIiwibm9uY2UiOiJhYWQwYWE5NjljMTU2YjJkZmE2ODVmODg1ZmFjNzA4MyIsImF1ZCI6InVybjpnb3Y6Z3NhOm9wZW5pZGNvbm5lY3Q6ZGV2ZWxvcG1lbnQiLCJqdGkiOiJqQzdOblU4ZE5OVjVsaXNRQm0xanRBIiwiYXRfaGFzaCI6InRsTmJpcXIxTHIyWWNOUkdqendsSWciLCJjX2hhc2giOiJoWGpxN2tPcnRRS196YV82dE9OeGN3IiwiZXhwIjoxNDg5Njk0MTk2LCJpYXQiOjE0ODk2OTQxOTgsIm5iZiI6MTQ4OTY5NDE5OH0.pVbPF-2LJSG1fE9thn27PwmDlNdlc3mEm7fFxb8ZADdRvYmDMnDPuZ3TGHl0ttK78H8NH7rBpH85LZzRNtCcWjS7QcycXHMn00Cuq_Bpbn7NRdf3ktxkBrpqyzIArLezVJJVXn2EeykXMvzlO-fJ7CaDUaJMqkDhKOK6caRYePBLbZJFl0Ri25bqXugguAYTyX9HACaxMNFtQOwmUCVVr6WYL1AMV5WmaswZtdE8POxYdhzwj777rkgSg555GoBDZy3MetapbT0csSWqVJ13skWTXBRrOiQQ70wzHAu_3ktBDXNoLx4kG1fr1BiMEbHjKsHs14X8LCBcIMdt49hIZg&
post_logout_redirect_uri=${REDIRECT_URI}&
state=abcdefghijklmnopabcdefghijklmnop
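A sketch of the two logout options described above, as an added example that is not code from this repository. It builds the logout request with the three parameters shown, generates a fresh state value of the same length as the sample, and checks that value when the browser returns; the session object shape and the function names are assumptions.

```javascript
// Added example: not code from the identity-oidc-expressjs repository.
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Logout endpoint as shown in the request above (integration environment).
const LOGOUT_ENDPOINT = 'https://idp.int.login.gov/openid_connect/logout';

// Build the login.gov logout URL. `session` is a hypothetical per-user
// session object (for example req.session) that kept the ID token at sign-in.
function buildLogoutRequest(session, postLogoutRedirectUri) {
  if (!session.idToken) throw new Error('no id_token stored for this session');
  // Fresh, unguessable state per request: 16 random bytes -> 32 hex characters.
  const state = randomBytes(16).toString('hex');
  session.logoutState = state;
  const url = new URL(LOGOUT_ENDPOINT);
  url.searchParams.set('id_token_hint', session.idToken);
  url.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
  url.searchParams.set('state', state);
  return url.toString();
}

// Offer both behaviours: local-only sign-out, or local sign-out plus login.gov.
// Returns the URL the browser should be redirected to.
function handleLogout(session, alsoSignOutOfLoginGov, postLogoutRedirectUri) {
  const target = alsoSignOutOfLoginGov
    ? buildLogoutRequest(session, postLogoutRedirectUri)
    : '/';
  // The local login ends in both cases; only logoutState survives.
  delete session.idToken;
  delete session.user;
  return target;
}

// On return to post_logout_redirect_uri, accept the response only if its
// state matches the one issued for this session. The stored value is single use.
function verifyLogoutReturn(session, returnedState) {
  const expected = session.logoutState;
  delete session.logoutState;
  if (typeof expected !== 'string' || typeof returnedState !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(returnedState);
  return a.length === b.length && timingSafeEqual(a, b);
}
```

The id_token_hint travels in the query string, so it appears in browser history and in any access log that records full URLs.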
It might be helpful to deploy this app to a production environment.
Similar to other example login.gov client applications, there is an opportunity to deploy it to a login.gov sub-domain, for inclusion in the identity-dashboard and for more realistic client demonstration purposes.
Also, preparing the app to be deployed to production might prove useful for developers looking to adapt this app in the future, decreasing the effort required on their part.
If deploying to production, some considerations include session security and server logging. And identity-idp will need to be re-configured to recognize the new environment. And devops will probably need to help set up the subdomain.
Express Secure Sessions Reference:
The following scenarios should be tested (maybe):