node-oidc-provider - OpenID Provider(OP) implementation for node

  •        184

oidc-provider is an OpenID Provider implementation of OpenID Connect. It allows to export a complete mountable or standalone OpenID Provider implementation. This implementation does not dictate a fixed data models or persistence store, instead, you must provide adapters for these. A generic in memory adapter is available to get you started as well as feature-less dev-only views to be able to get off the ground. The following specifications are implemented by oidc-provider. Note that not all features are enabled by default, check the configuration section on how to enable them.

https://github.com/panva/node-oidc-provider

Dependencies:

base64url : ^2.0.0
debug : ^3.0.0
ejs : ^2.5.2
got : ^8.0.0
http-errors : ^1.4.0
kcors : ^2.2.1
koa : ^2.0.1
koa-compose : ^4.0.0
koa-router : ^7.0.1
lodash : ^4.5.0
lru-cache : ^4.0.0
node-jose : ^0.11.0
oidc-token-hash : ^2.0.0
raw-body : ^2.1.7
uuid : ^3.0.0

Tags
Implementation
License
Platform

   




Related Projects

mod_auth_openidc - OpenID Connect Relying Party and OAuth 2

  •    C

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. It can also function as an OAuth 2.0 Resource Server, validating OAuth 2.0 bearer access tokens presented by OAuth 2.0 Clients. This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party (RP) to an OpenID Connect Provider (OP). It authenticates users against an OpenID Connect Provider, receives user identity information from the OP in a so called ID Token and passes on the identity information (a.k.a. claims) in the ID Token to applications hosted and protected by the Apache web server.

fosite - Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

  •    Go

The security first OAuth2 & OpenID Connect framework for Go. Built simple, powerful and extensible. This library implements peer-reviewed IETF RFC6749, counterfeits weaknesses covered in peer-reviewed IETF RFC6819 and countermeasures various database attack scenarios, keeping your application safe when that hacker penetrates or leaks your database. OpenID Connect is implemented according to OpenID Connect Core 1.0 incorporating errata set 1 and includes all flows: code, implicit, hybrid.OAuth2 and OpenID Connect are difficult protocols. If you want quick wins, we strongly encourage you to look at Hydra. Hydra is a secure, high performance, cloud native OAuth2 and OpenID Connect service that integrates with every authentication method imaginable and is built on top of Fosite.

MITREid Connect - An OpenID Connect reference implementation in Java on the Spring platform

  •    Java

This project contains a certified OpenID Connect reference implementation in Java on the Spring platform, including a functioning server library, deployable server package, client (RP) library, and general utility libraries. The server can be used as an OpenID Connect Identity Provider as well as a general-purpose OAuth 2.0 Authorization Server.

dex - OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors

  •    Go

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex acts as a portal to other identity providers through "connectors." This lets dex defer authentication to LDAP servers, SAML providers, or established identity providers like GitHub, Google, and Active Directory. Clients write their authentication logic once to talk to dex, then dex handles the protocols for a given backend.

hydra - OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure

  •    Go

ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app. Implementing the consent app in a different language is easy, and exemplary consent apps (Go, Node) and SDKs (Go, Node) are provided.Besides mitigating various attack vectors, such as database compromisation and OAuth 2.0 weaknesses, ORY Hydra is able to securely manage JSON Web Keys, and has a sophisticated policy-based access control you can use if you want to. Click here to read more about security.


Authlib - An ambitious authentication library for OAuth 1, OAuth 2, OpenID clients and servers.

  •    Python

The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included. Authlib is compatible with Python2.7+ and Python3.6+.

dex - OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors

  •    Go

Dex is an identity service that uses OpenID Connect to drive authentication for other apps.Dex is NOT a user-management system, but acts as a portal to other identity providers through "connectors." This lets dex defer authentication to LDAP servers, SAML providers, or established identity providers like GitHub, Google, and Active Directory. Clients write their authentication logic once to talk to dex, then dex handles the protocols for a given backend.

Cierge - 🗝️ Passwordless OIDC authentication done right

  •    CSharp

Cierge is an OpenID Connect server that handles user signup, login, profiles, management, social logins, and more. Instead of storing passwords, Cirege uses magic links/codes and external logins to authenticate your users. Passwords are insecure by default. Cierge does away by the illusion of security passwords give ("forgot password" usually relies upon email-based auth at the end of the day).

lua-resty-openidc - Lua implementation to make NGINX operate as an OpenID Connect RP or OAuth 2

  •    Lua

lua-resty-openidc is a library for NGINX implementing the OpenID Connect Relying Party (RP) and/or the OAuth 2.0 Resource Server (RS) functionality. When used as an OpenID Connect Relying Party it authenticates users against an OpenID Connect Provider using OpenID Connect Discovery and the Basic Client Profile (i.e. the Authorization Code flow). When used as an OAuth 2.0 Resource Server it can validate OAuth 2.0 Bearer Access Tokens against an Authorization Server or, in case a JSON Web Token is used for an Access Token, verification can happen against a pre-configured secret/key .

angular-oauth2-oidc - Support for OAuth 2 and OpenId Connect (OIDC) in Angular.

  •    TypeScript

Support for OAuth 2 and OpenId Connect (OIDC) in Angular. Successfully tested with Angular 6 and its Router, PathLocationStrategy as well as HashLocationStrategy and CommonJS-Bundling via webpack. At server side we've used IdentityServer (.NET/ .NET Core) and Redhat's Keycloak (Java).

IdentityServer3 - OpenID Connect Provider and OAuth 2

  •    CSharp

Certified OpenID Connect implementation.IdentityServer is a .NET/Katana-based framework and hostable component that allows implementing single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAuth2. It supports a wide range of clients like mobile, web, SPAs and desktop applications and is extensible to allow integration in new and existing architectures.

IdentityServer4 - OpenID Connect and OAuth 2.0 Framework for ASP.NET Core

  •    CSharp

IdentityServer is a free, open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core. Founded and maintained by Dominick Baier and Brock Allen, IdentityServer4 incorporates all the protocol implementations and extensibility points needed to integrate token-based authentication, single-sign-on and API access control in your applications. IdentityServer4 is officially certified by the OpenID Foundation and thus spec-compliant and interoperable. It is part of the .NET Foundation, and operates under their code of conduct. It is licensed under Apache 2 (an OSI approved license).For project documentation, please visit readthedocs.

Apache Oltu - OAuth protocol implementation in Java

  •    Java

Apache Oltu is an OAuth protocol implementation in Java. It also covers others "OAuth family" related implementations such as JWT, JWS and OpenID Connect.

DotNetOpenAuth - A C# implementation of the OpenID, OAuth protocols

  •    CSharp

The C# implementation of the OpenID, OAuth protocols. Use DotNetOpenAuth to create Identity Providers and Identity Consumers (Relying Parties).

oidc-client-js - OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications

  •    Javascript

Library to provide OpenID Connect (OIDC) and OAuth2 protocol support for client-side, browser-based JavaScript client applications. Also included is support for user session and access token management.Node.js v4.4 or later required.

keycloak-gatekeeper - A OpenID / Keycloak Proxy service

  •    Go

Keycloak Gatekeeper is an adapter which, at the risk of stating the obvious, integrates with the Keycloak authentication service. The Gatekeeper is most happy in the company of Keycloak, but is also able to make friends with other OpenID Connect providers. The service supports both access tokens in browser cookie or bearer tokens.

openiddict-core - Easy-to-use OpenID Connect server for ASP.NET Core

  •    CSharp

OpenIddict aims at providing a simple and easy-to-use solution to implement an OpenID Connect server in any ASP.NET Core 1.x or 2.x application. OpenIddict is based on AspNet.Security.OpenIdConnect.Server (codenamed ASOS) to control the OpenID Connect authentication flow and can be used with any membership stack, including ASP.NET Core Identity.

AppAuth-iOS - iOS and macOS SDK for communicating with OAuth 2.0 and OpenID Connect providers.

  •    Objective-C

AppAuth for iOS and macOS is a client SDK for communicating with OAuth 2.0 and OpenID Connect providers. It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language. In addition to mapping the raw protocol flows, convenience methods are available to assist with common tasks like performing an action with fresh tokens. It follows the best practices set out in RFC 8252 - OAuth 2.0 for Native Apps including using SFAuthenticationSession and SFSafariViewController on iOS for the auth request. UIWebView and WKWebView are explicitly not supported due to the security and usability reasons explained in Section 8.12 of RFC 8252.