spid-cie-oidc-ts 0.1.0
Install from the command line:
$ npm install @xevolab/spid-cie-oidc-ts@0.1.0
Install via package.json:
"@xevolab/spid-cie-oidc-ts": "0.1.0"
About this version
Integrate with SPID and CIE authentication using the OIDC federation protocol.
> [!NOTE]
> This library is still in development; all feedback is welcome!

> [!WARNING]
> At this moment, SPID does not officially support the OIDC federation protocol.

Let your users authenticate with SPID and CIE using the OIDC federation protocol in your applications, with a simple, easy-to-use library that is also TypeScript compatible.
```bash
npm install @xevolab/spid-cie-oidc-ts
```
The object passed to the OIDCClient constructor must contain two key sets. These keys are used to:
- Sign, verify and encrypt the JWTs exchanged with the OIDC provider
- Sign and verify the OIDC federation manifest
```js
const keys = {
  oidc: {
    sig: {
      public: "-----BEGIN PUBLIC KEY-----...",
      private: "-----BEGIN RSA PRIVATE KEY-----..."
    },
    enc: {
      public: "-----BEGIN PUBLIC KEY-----...",
      private: "-----BEGIN RSA PRIVATE KEY-----..."
    },
  },
  federation: {
    sig: {
      public: "-----BEGIN PUBLIC KEY-----...",
      private: "-----BEGIN RSA PRIVATE KEY-----..."
    }
  }
};
```
If a dedicated federation sig key pair is not provided, the library will use the OIDC sig key.
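As an added example (not part of the library or its README), the following Node.js code generates throwaway key pairs in the PEM encodings shown above and checks a `keys` object before it is passed to the constructor. `generatePair` and `checkKeys` are hypothetical helper names; the 2048-bit modulus and treating `oidc.enc` as required are assumptions.

```javascript
// Added example: generatePair and checkKeys are hypothetical helpers, not library APIs.
const { generateKeyPairSync, createPublicKey } = require("node:crypto");

// One RSA pair in the PEM encodings the README shows:
// SPKI ("PUBLIC KEY") and PKCS#1 ("RSA PRIVATE KEY"). Modulus size is an assumption.
function generatePair(modulusLength = 2048) {
  const { publicKey, privateKey } = generateKeyPairSync("rsa", {
    modulusLength,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs1", format: "pem" },
  });
  return { public: publicKey, private: privateKey };
}

// Canonical SPKI encoding of the public half; accepts a public or a private PEM.
const spki = (pem) =>
  createPublicKey(pem).export({ type: "spki", format: "der" }).toString("base64");

// Check the object before handing it to the OIDCClient constructor.
function checkKeys(keys) {
  const slots = {
    "oidc.sig": keys.oidc?.sig,
    "oidc.enc": keys.oidc?.enc,
    "federation.sig": keys.federation?.sig,
  };
  const problems = [];
  const ids = {};
  for (const [name, pair] of Object.entries(slots)) {
    if (!pair) {
      // Only federation.sig is optional: the library falls back to oidc.sig.
      if (name !== "federation.sig") problems.push(`${name}: missing`);
      continue;
    }
    try {
      ids[name] = spki(pair.private);
      if (spki(pair.public) !== ids[name]) problems.push(`${name}: public/private mismatch`);
    } catch {
      problems.push(`${name}: PEM does not parse`);
    }
  }
  // General key hygiene, not a library rule: signing and encryption keys should differ.
  if (ids["oidc.sig"] && ids["oidc.sig"] === ids["oidc.enc"])
    problems.push("oidc.enc: same key as oidc.sig");
  return { problems, federationUsesOidcSig: !slots["federation.sig"] };
}

// Constructed sample: fresh throwaway keys, federation.sig omitted on purpose.
const sampleKeys = { oidc: { sig: generatePair(), enc: generatePair() } };
console.log(checkKeys(sampleKeys));
```

Keys generated this way are for local testing; production private keys belong in a secret store rather than in source or the repository.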
```js
// Import from the package installed above
import OIDCClient, { devTrustAnchors, prodTrustAnchors } from '@xevolab/spid-cie-oidc-ts';

const client = new OIDCClient({
  clientID: process.env.APP_FULL_URL,
  providers: [{
    id: "cie",
    wellKnown: "https://preproduzione.oidc.idserver.servizicie.interno.gov.it/.well-known/openid-federation"
  }],
  keys,
  callbackURL: process.env.APP_FULL_URL + "/callback",
  spidLevel: 2,
  attributes: ["given_name", "family_name", "email", "birthdate", "https://attributes.eid.gov.it/fiscal_number"],
  trustAnchors: devTrustAnchors,
  trustMarks: [{
    "id": "",
    "iss": "",
    "trust_mark": "eyJ..."
  }],
  logger: (state, action, payload) => { /* ... */ }
});
```

```js
// The id of one of the providers configured above
const providerID = "cie";

const authResponse = client.authorization(providerID);
if (authResponse.ok) {
  // Redirect the user to the URL provided in authResponse.url
}
```

```js
// Grab the state, code, and iss parameters from the callback URL query string
const callbackResponse = await client.callback({ state, code, iss });
if (callbackResponse.ok) {
  // Handle successful authentication
} else {
  // Handle errors
}
```