Extend / add custom provider #220

Open
danieljwestman opened this issue Jan 18, 2021 · 8 comments

@danieljwestman

Hi!

Is there any guide/info on how to add my own custom provider?

BR

@danieljwestman
Author

Oops, a bit too fast here.

Found this in the docs:

You can define your own provider by adding a key for it in your configuration. In this case all of the required configuration keys have to be specified:

{
  "defaults": {
    "origin": "http://localhost:3000"
  },
  "awesome": {
    "authorize_url": "https://awesome.com/authorize",
    "access_url": "https://awesome.com/token",
    "oauth": 2,
    "key": "...",
    "secret": "...",
    "scope": ["read", "write"]
  }
}

I guess it's just like that... 🕺

I'm planning to build/host my own simple provider with either oidc-provider or Ory

Any thoughts, guidelines or recommendations? Thanks!

@simov
Owner

simov commented Jan 18, 2021

I've done it with oidc-provider:

{
  "panva": {
    "authorize_url": "http://localhost:4000/auth",
    "access_url": "http://localhost:4000/token",
    "oauth": 2,
    "key": "foo",
    "secret": "bar",
    "scope": [
      "openid"
    ],
    "custom_params": {
      "login_hint": "s"
    }
  }
}

// Matching client registration on the oidc-provider side
var provider = new Provider('http://localhost:4000', {
  clients: [
    {
      client_id: 'foo',
      client_secret: 'bar',
      redirect_uris: [
        'http://localhost:3000/connect/panva/callback'
      ],
    }
  ],
  // ...
})

@danieljwestman
Author

Nice @simov

What framework did/do you use (like Express)?

Does it work well? "Reliable"?

@simov
Owner

simov commented Jan 18, 2021

I used Express, I think it's ok, but you can go to the examples folder in this repo and pick any of the supported HTTP frameworks. oidc-provider is built on top of Koa, which was a spin-off project from the Express creator back then. Then you have Hapi and Fastify, which seems to be borrowing some ideas from Hapi, so it depends on what you prefer I guess.

@aunswjx

aunswjx commented Aug 14, 2021

@simov Can you share the whole working example, please? I've tried to follow the one you showed above, but can't make it work. I'm not sure about the access_url route.

@simov
Owner

simov commented Aug 14, 2021

@aunsuwijak the rest of the configuration in my case was not relevant to this example. I will try to create a simple working example, but in the meantime, the /auth and /token endpoints are defined in node-oidc-provider, meaning that you only have to configure them in Grant as shown above.

@aunswjx

aunswjx commented Aug 14, 2021

Thanks a lot! 😃

@simov
Owner

simov commented Aug 14, 2021

Here is a working example:

provider.js

var Provider = require('oidc-provider')

var provider = new Provider('http://localhost:4000', {
  clients: [
    {
      client_id: 'foo',
      client_secret: 'bar',
      redirect_uris: [
        'http://localhost:3000/connect/panva/callback'
      ]
    }
  ],
})

var server = provider.listen(4000, () => {
  console.log('http://localhost:4000/.well-known/openid-configuration')
})

client.js

var express = require('express')
var session = require('express-session')
var grant = require('grant').express()


express()
  .use(session({secret: 'grant', saveUninitialized: true, resave: false}))
  .use(grant(require('./config.json')))
  .get('/hello', (req, res) => {
    res.end(JSON.stringify(req.session.grant.response, null, 2))
  })
  .listen(3000)

config.json

{
  "panva": {
    "authorize_url": "http://localhost:4000/auth",
    "access_url": "http://localhost:4000/token",
    "oauth": 2,
    "key": "foo",
    "secret": "bar",
    "scope": [
      "openid"
    ],
    "custom_params": {
      "login_hint": "s"
    },
    "transport": "session",
    "pkce": true,
    "redirect_uri": "http://localhost:3000/connect/panva/callback",
    "callback": "/hello"
  }
}

Test

  1. Start the provider:
node provider.js
  2. Start the client:
node client.js
  3. Navigate to http://localhost:3000/connect/panva
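
An added example, not part of the thread and not code from Grant or oidc-provider: a small check that a custom provider entry in the Grant configuration agrees with the client registered at the provider, since a `redirect_uri` that differs by even one character from the registered `redirect_uris` is rejected by providers that compare exactly, as OpenID Connect requires. The function name `auditProvider`, its finding strings, the treatment of the six keys from the docs excerpt as required, and the second sample entry are assumptions made for the illustration.

```javascript
// Added example: auditProvider() and its finding strings are hypothetical
// names for this sketch, not part of Grant or oidc-provider.
// Assumption: the six keys shown in the docs excerpt are the required ones.
const REQUIRED = ['authorize_url', 'access_url', 'oauth', 'key', 'secret', 'scope']
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]'])

function auditProvider(name, entry, registeredRedirectUris) {
  const findings = []
  for (const key of REQUIRED) {
    if (entry[key] === undefined) findings.push(`${name}: missing ${key}`)
  }
  // Plain http is acceptable only for a loopback development setup.
  for (const key of ['authorize_url', 'access_url', 'redirect_uri']) {
    if (!entry[key]) continue
    const url = new URL(entry[key])
    if (url.protocol !== 'https:' && !LOOPBACK.has(url.hostname)) {
      findings.push(`${name}: ${key} is not https on a non-loopback host`)
    }
  }
  // Exact string comparison: a trailing slash or another port is a mismatch.
  if (entry.redirect_uri && !registeredRedirectUris.includes(entry.redirect_uri)) {
    findings.push(`${name}: redirect_uri is not registered at the provider`)
  }
  // PKCE protects the authorization code even when a client secret is used.
  if (entry.oauth === 2 && entry.pkce !== true) {
    findings.push(`${name}: pkce is not enabled`)
  }
  return findings
}

// redirect_uris as registered in provider.js in the thread.
const registered = ['http://localhost:3000/connect/panva/callback']

// The "panva" entry from config.json in the thread (custom_params omitted).
const fromThread = {
  authorize_url: 'http://localhost:4000/auth', access_url: 'http://localhost:4000/token',
  oauth: 2, key: 'foo', secret: 'bar', scope: ['openid'], pkce: true,
  redirect_uri: 'http://localhost:3000/connect/panva/callback'
}

// Constructed entry: no secret, http on a real host, trailing slash, no pkce.
const constructedBad = {
  authorize_url: 'http://idp.example.test/auth', access_url: 'https://idp.example.test/token',
  oauth: 2, key: 'foo', scope: ['openid'],
  redirect_uri: 'http://localhost:3000/connect/panva/callback/'
}

console.log(auditProvider('panva', fromThread, registered))
console.log(auditProvider('bad', constructedBad, registered))
```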
