OpenID Connect authorization
This UnityBase model implements authentication over OpenID Connect. To enable it in adminUI, add "OpenIDConnect" to the "authenticationMethods" list of the server configuration.
Configuration:
```json
"security": {
  "authenticationMethods": ["UB", "OpenIDConnect"]
},
...
"application": {
  ...,
  "customSettings": {
    ...,
    "externalServerUrl": <external URL of the server; set it when the server is reached through a proxy, so that the public address is used instead of the internal one>
  }
}
```
Usage:
```js
const openID = require('@unitybase/openid-connect')
let oIdEndPoint = openID.registerEndpoint('openIDConnect')
// Google
oIdEndPoint.registerProvider('Google', {
  authUrl: 'https://accounts.google.com/o/oauth2/auth',
  tokenUrl: 'https://accounts.google.com/o/oauth2/token',
  userInfoUrl: 'https://www.googleapis.com/oauth2/v1/userinfo',
  userInfoHTTPMethod: 'GET',
  scope: 'openid',
  nonce: '123', // a fixed nonce gives no replay protection; use a fresh random value where your setup allows it
  response_type: 'code',
  // never commit real credentials; load them from the server config or environment
  client_id: 'YOUR_GOOGLE_CLIENT_ID.apps.googleusercontent.com',
  client_secret: 'YOUR_GOOGLE_CLIENT_SECRET',
  getOnFinishAction: function (response) {
    // script executed in the popup window after authentication: hand the result to the opener and close
    return 'opener.$App.onFinishOpenIDAuth(' + JSON.stringify(response) + '); close();'
  },
  getUserID: function (userInfo) {
    // map the Google account id onto a uba_user login name; null means "no such user"
    let inst = UB.Repository('uba_user').attrs(['ID'])
      .where('[name]', '=', userInfo.id).select()
    return inst.eof ? null : inst.get('ID')
  }
})
// Hideez
oIdEndPoint.registerProvider('Hideez', {
  authUrl: 'https://xxx.hideez.com/connect/authorize',
  tokenUrl: 'https://xxx.hideez.com/connect/token',
  userInfoUrl: 'https://xxx.hideez.com/connect/userinfo',
  userInfoHTTPMethod: 'GET',
  scope: 'openid email', // email is important: getUserID below matches on the email claim
  // scope: 'openid email phone roles profile',
  nonce: 'replaceToSomeRandom',
  response_type: 'code',
  client_id: '.....',
  client_secret: '....',
  getUserID: function (userInfo) {
    // uba_user names are stored in lower case, so normalize the e-mail before matching
    let inst = UB.Repository('uba_user').attrs(['ID'])
      .where('[name]', '=', (userInfo.email || '-').toLocaleLowerCase()).select()
    return inst.eof ? null : inst.get('ID')
  }
})
// Azure
oIdEndPoint.registerProvider('Azure', {
  authUrl: 'https://login.microsoftonline.com/{tenant-guid}/oauth2/v2.0/authorize',
  tokenUrl: 'https://login.microsoftonline.com/{tenant-guid}/oauth2/v2.0/token',
  userInfoUrl: 'https://graph.microsoft.com/oidc/userinfo',
  userInfoHTTPMethod: 'POST',
  scope: 'openid',
  nonce: '123', // see the note on the Google provider: prefer a random per-login nonce
  response_type: 'code',
  response_mode: 'query',
  client_id: 'YOUR_CLIENT_ID',
  client_secret: 'YOUR_CLIENT_SECRET',
  getUserID: function (userInfo) {
    // console.debug('userinfo=', JSON.stringify(userInfo))
    let inst = UB.Repository('uba_user').attrs(['ID'])
      .where('[name]', '=', userInfo.name).select()
    return inst.eof ? null : inst.get('ID')
  }
})
```
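The `getUserID` callbacks above map a provider's userinfo claims onto a `uba_user` row, and whatever claim is used for the match becomes the login key. The following is an added example, not code from `@unitybase/openid-connect` or any of the providers shown: a resolver that refuses to map an e-mail the provider has not marked as verified (a classic account-takeover path when a user can register an arbitrary e-mail at the provider), normalizes case, and can match on the stable `sub` claim instead (falling back to Google's legacy `id`). `USERS` and `findUserIdByName` are constructed stand-ins for the `UB.Repository('uba_user')` lookup; `resolveUserId` and its `matchBy` option are hypothetical names.

```javascript
'use strict'

// Constructed sample of the local user table (stand-in for uba_user)
const USERS = [
  { ID: 10, name: 'alice@example.com' },
  { ID: 11, name: '103546789012345678901' } // a provider subject id stored as login name
]

// Hypothetical replacement for UB.Repository('uba_user').attrs(['ID']).where('[name]', '=', name)
function findUserIdByName (name) {
  const u = USERS.find(u => u.name === name)
  return u ? u.ID : null
}

// Resolve a local user ID from a userinfo payload.
// Returns null (authentication refused) when:
//  - the payload carries no usable identifier
//  - matching by e-mail and the provider did not assert email_verified
//  - the identifier does not correspond to a local user
function resolveUserId (userInfo, opts = {}) {
  const { matchBy = 'email' } = opts
  if (!userInfo || typeof userInfo !== 'object') return null

  if (matchBy === 'email') {
    const email = userInfo.email
    if (typeof email !== 'string' || !email.includes('@')) return null
    // email_verified is a boolean in OIDC; some providers serialize it as the string "true"
    const verified = userInfo.email_verified === true || userInfo.email_verified === 'true'
    if (!verified) return null
    return findUserIdByName(email.trim().toLowerCase())
  }

  if (matchBy === 'sub') {
    // `sub` is the stable OIDC subject; Google's v1 userinfo endpoint calls it `id`
    const sub = userInfo.sub || userInfo.id
    if (typeof sub !== 'string' || sub.length === 0) return null
    return findUserIdByName(sub)
  }

  return null
}

module.exports = { resolveUserId, findUserIdByName }
```

Matching on `sub` is the safer default when the local account can store it, because the subject identifier is unique per provider and never reassigned, whereas an e-mail address can change hands.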
Methods
# openIDConnect (req: THTTPRequest, resp: THTTPResponse) inner
OpenID endpoint implementation.
If called as host:port[/app]/endpoint - returns the list of registered openIDConnect providers.
If called as host:port[/app]/endpoint/provider without parameters - redirects to the provider authUrl.
If called as host:port[/app]/endpoint/provider with parameters code and state - calls the doProviderAuthHandshake method.
If called as host:port[/app]/endpoint/provider with parameter logout - redirects to the logout URL.
Arguments:
req: THTTPRequest
resp: THTTPResponse
# registerOpenIDEndpoint (endpointName: string) → openIDEndpoint inner
Register an openID connect endpoint. If an endpoint with this name is already registered, the existing one is returned. Exported from the module as `registerEndpoint` (see Usage).
Return:
endpoint
Arguments:
endpointName: string
Types
# openIDEndpoint inner
OpenID endpoint. Providers are registered on it with registerProvider (see Usage).