Newer
Older
import * as openid from "openid-client";
config: openid.Configuration = {} as any;
if (process.env.INHIBIT_LOGIN) {
console.warn(
"OpenID is not setup; INHIBIT_LOGIN environment variable set! Proceed with caution!"
);
return;
}
const { AUTH_ENDPOINT, AUTH_CLIENT, AUTH_SECRET } = process.env;
this.config = await openid.discovery(new URL(AUTH_ENDPOINT), AUTH_CLIENT, {
client_secret: AUTH_SECRET,
});
}
getRedirectUrl() {
return process.env.OIDC_CALLBACK_HOST + "/api/callback";
}
getAuthorizationURL() {
return openid
.buildAuthorizationUrl(this.config, {
redirect_uri: this.getRedirectUrl(),
prompt: "consent",
scope: "openid instance",
})
.toString();
}
exchangeToken(relativePath: string) {
return openid.authorizationCodeGrant(
this.config,
new URL(relativePath, process.env.OIDC_CALLBACK_HOST)
);
}
userInfo<Data extends {} = {}>(
accessToken: string,
expectedSub: string
): Promise<openid.UserInfoResponse & Data> {
return openid.fetchUserInfo(this.config, accessToken, expectedSub) as any;
}