OpenID Connect authorization
This UnityBase model implements authorization over OpenID Connect. For adminUI "OpenIDConnect" should be added to the "authenticationMethods".
Configuration:
"security": {
"authenticationMethods": ["UB", "OpenIDConnect"]
},
...
"application": {
...,
"customSettings": {
...,
"externalServerUrl": External url address. You should set this address if server work over proxy server
}
}
Usage:
const openID = require('@unitybase/openid-connect')
let oIdEndPoint = openID.registerEndpoint('openIDConnect')
oIdEndPoint.registerProvider('Google', {
authUrl: 'https://accounts.google.com/o/oauth2/auth',
tokenUrl: 'https://accounts.google.com/o/oauth2/token',
userInfoUrl: 'https://www.googleapis.com/oauth2/v1/userinfo',
userInfoHTTPMethod: 'GET',
scope: 'openid',
nonce: '123',
response_type: 'code',
client_id: '350085411136-lpj0qvr87ce0r0ae0a3imcm25joj2t2o.apps.googleusercontent.com',
client_secret: 'dF4qmUxhHoBAj-E1R8YZUCqA',
getOnFinishAction: function (response) {
return 'opener.$App.onFinishOpenIDAuth(' + JSON.stringify(response) + '); close();'
},
getUserID: function(userInfo) {
let inst = UB.Repository('uba_user').attrs(['ID'])
.where('[name]', '=', userInfo.id).select()
return inst.eof ? null : inst.get('ID')
}
})
Methods
# openIDConnect (req: THTTPRequest, resp: THTTPResponse) inner
OpenID endpoint implementation
If called as host:port[/app]/endpoint - return a list of registered openIDConnect providers,
If called as host:port[/app]/endpoint/provider without parameters - redirect to provider authUrl
If called as host:port[/app]/endpoint/provider with parameters code and state - call doProviderAuthHandshake method
If called as host:port[/app]/endpoint/provider with parameters logout - redirect to logout url
Arguments:
req: THTTPRequestresp: THTTPResponse
# registerOpenIDEndpoint (endpointName: String) → openIDEndpoint inner
Register openID connect endpoint
Return:
endpoint
Arguments:
endpointName: String
Types
# openIDEndpoint inner
OpenID endpoint. Able to register providers