Generated on Apr 21, 2024 via pnpm

Npm

Home

openid-client 3.15.10

OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs

auth

authentication

basic

Package summary

issues

licenses

Package created

8 Jul 2016

Version published

2 Sep 2020

Maintainers

Total deps

Direct deps

License

MIT

Issues

2 moderate severity issues

moderate

got@9.6.0

Got allows a redirect to a UNIX socket

Recommendation: Upgrade to version 11.8.5 or later

via: got@9.6.0

jose@1.28.2

jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

Recommendation: Upgrade to version 2.0.7 or later

via: jose@1.28.2

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

46 Packages, Including:

@panva/asn1.js@1.0.0

@sindresorhus/is@0.14.0

@szmarczak/http-timer@1.1.2

@types/got@9.6.12

@types/keyv@3.1.4

@types/node@20.12.7

@types/responselike@1.0.3

@types/tough-cookie@4.0.5

aggregate-error@3.1.0

asynckit@0.4.0

base64url@3.0.1

cacheable-request@6.1.0

clean-stack@2.2.0

clone-response@1.0.3

combined-stream@1.0.8

decompress-response@3.3.0

defer-to-connect@1.1.3

delayed-stream@1.0.0

end-of-stream@1.4.4

form-data@2.5.1

get-stream@4.1.0

get-stream@5.2.0

got@9.6.0

indent-string@4.0.0

jose@1.28.2

json-buffer@3.0.0

keyv@3.1.0

lowercase-keys@1.0.1

lowercase-keys@2.0.0

mime-db@1.52.0

mime-types@2.1.35

mimic-response@1.0.1

normalize-url@4.5.1

object-hash@2.2.0

oidc-token-hash@5.0.3

openid-client@3.15.10

p-any@3.0.0

p-cancelable@1.1.0

p-cancelable@2.1.1

p-some@5.0.0

prepend-http@2.0.0

pump@3.0.0

responselike@1.0.2

to-readable-stream@1.0.0

undici-types@5.26.5

url-parse-lax@3.0.0

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

5 Packages, Including:

lru-cache@6.0.0

make-error@1.3.6

once@1.4.0

wrappy@1.0.2

yallist@4.0.0

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

duplexer3@0.1.5

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

http-cache-semantics@4.1.1

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of openid-client 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
@types/got	9.6.12	4.77 kB	MIT	prod
base64url	3.0.1	2.89 kB	MIT	prod
got	9.6.0	24.07 kB	MIT	prod	1
jose	1.28.2	52.04 kB	MIT	prod	1
lru-cache	6.0.0	5.65 kB	ISC	prod
make-error	1.3.6	4.33 kB	ISC	prod
object-hash	2.2.0	17.85 kB	MIT	prod
oidc-token-hash	5.0.3	3.59 kB	MIT	prod
p-any	3.0.0	2.35 kB	MIT	prod

Tree

Treemap

Frequently Asked Questions

What does openid-client do?

The openid-client npm package provides an implementation of OpenID Relying Party (RP, Client) for the Node.js runtime. It supports various OpenID Connect/OAuth2.0 specifications such as OpenID Connect Core 1.0, OpenID Connect Discovery 1.0, RFC7009 - OAuth 2.0 Token revocation, RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow), and more. The package assists in consuming OpenID Connect Authorization Server responses and wrapping around requests to its endpoints.

How do you use openid-client?

Installing and using openid-client is straightforward with npm. First, install the package:

npm install openid-client

Once installed, you can require the package and use its various functionalities in your Node.js application. Here are examples for different use cases:

Discover an Issuer configuration using its published .well-known endpoints:

import { Issuer } from 'openid-client';

const googleIssuer = await Issuer.discover('https://accounts.google.com');
console.log('Discovered issuer %s %O', googleIssuer.issuer, googleIssuer.metadata);

Authorization Code Flow:

import { generators } from 'openid-client';

const client = new googleIssuer.Client({
  client_id: 'your_client_id',
  client_secret: 'your_secret_key',
  redirect_uris: ['http://localhost:3000/cb'],
  response_types: ['code'],
});
const code_verifier = generators.codeVerifier();
const code_challenge = generators.codeChallenge(code_verifier);

Multiple other examples for Authorization Code Flow, Implicit ID Token Flow, Device Authorization Grant (Device Flow) can be found in the package’s readme file.

Where are the openid-client docs?

For a comprehensive understanding of the openid-client npm package, you can review its official documentation on GitHub. The documentation covers various aspects such as Issuer, Client, Customizing, TokenSet, Strategy, generators, and errors.