50 releases

| Version | Released |
|---|---|
| 0.2.6 | Jul 23, 2024 |
| 0.2.0 | Jun 6, 2024 |
| 0.1.2 | Jan 24, 2024 |
| 0.1.1 | Nov 29, 2023 |
| 0.0.11-dev | Mar 12, 2023 |

#140 in Authentication
2,402 downloads per month
755KB, 17K SLoC
OpenID Client
An OpenID Connect Relying Party (Client) library. This is a port of node-openid-client.
This library uses async/await but is runtime agnostic.
Usage
Visit this repo for how to use the library.
Implemented specs & features
The following client/RP features from OpenID Connect/OAuth2.0 specifications are implemented by openid-client.
- OpenID Connect Core 1.0
  - Authorization Callback
    - Authorization Code Flow
    - Implicit Flow
    - Hybrid Flow
  - UserInfo Request
  - Offline Access / Refresh Token Grant
  - Client Credentials Grant
  - Client Authentication
    - none
    - client_secret_basic
    - client_secret_post
    - client_secret_jwt
    - private_key_jwt
  - Consuming Self-Issued OpenID Provider ID Token response
  - Authorization Callback
- OpenID Connect Discovery 1.0
  - Discovery of OpenID Provider (Issuer) Metadata
  - Discovery of OpenID Provider (Issuer) Metadata via user provided inputs (via webfinger)
- OpenID Connect Dynamic Client Registration 1.0
  - Dynamic Client Registration request
  - Client initialization via registration client uri
- RFC7009 - OAuth 2.0 Token revocation
  - Client Authenticated request to token revocation
- RFC7662 - OAuth 2.0 Token introspection
  - Client Authenticated request to token introspection
- RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow)
- RFC8705 - OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens
  - Mutual TLS Client Certificate-Bound Access Tokens
  - Metadata for Mutual TLS Endpoint Aliases
  - Client Authentication
    - tls_client_auth
    - self_signed_tls_client_auth
- RFC9101 - OAuth 2.0 JWT-Secured Authorization Request (JAR)
- RFC9126 - OAuth 2.0 Pushed Authorization Requests (PAR)
- RFC9449 - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)
- OpenID Connect RP-Initiated Logout 1.0
- Financial-grade API Security Profile 1.0 - Part 2: Advanced (FAPI)
- JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
- OAuth 2.0 Authorization Server Issuer Identification
Documentation
Support
Consider supporting this library by creating a PR/Issue in the repo.
Alternatives
If you think this library does not fit your use case, these are popular alternatives.
Dependencies
~12–28MB
~444K SLoC