
openid-implicit-client#

Attention

The official support end-of-life (EOL) date for Gluu Server 2.4.4 is December 31, 2018. Starting January 1, 2019, no further security updates or bug-fixes will be provided for Gluu Server 2.X. We strongly recommend upgrading to the newest version.

A simple JavaScript client that implements the OpenID Connect implicit flow.

This code is forked from a JavaScript library written by Edmund Jay and referenced in a blog post by Nat Sakimura.

To use this library, include openidconnect.js in your HTML page.

  • Set the provider and client configuration info through JSON objects;
  • Call the server – login;
  • In the callback page, callback.html, you will get the ID Token back, which you can put into a cookie to handle the session.

OIDC Variables#

Supported Provider Options#

List of the Identity Provider's configuration parameters.

  • supportedProviderOptions.issuer (string): Issuer ID
  • supportedProviderOptions.authorization_endpoint (string): Authorization Endpoint URL
  • supportedProviderOptions.jwks_uri (string): JWKS URI
  • supportedProviderOptions.claims_parameter_supported (boolean): Claims parameter support
  • supportedProviderOptions.request_parameter_supported (boolean): Request parameter support
  • supportedProviderOptions.jwks (object): Identity Provider's JWK Set

Supported Request Options#

Supported Login Request parameters.

  • supportedRequestOptions.scope (string): Space separated scope values
  • supportedRequestOptions.response_type (string): Space separated response_type values
  • supportedRequestOptions.display (string): Display
  • supportedRequestOptions.max_age (string): Max_age
  • supportedRequestOptions.claims (object): Claims object containing what information to return in the UserInfo endpoint and ID Token
  • supportedRequestOptions.claims.id_token (array): List of claims to return in the ID Token
  • supportedRequestOptions.claims.userinfo (array): List of claims to return in the UserInfo endpoint
  • supportedRequestOptions.request (boolean): Signed request object JWS. Not supported yet.

Supported Client Options#

List of supported Client configuration parameters.

  • supportedClientOptions.client_id (string): The client's client_id
  • supportedClientOptions.redirect_uri (string): The client's redirect_uri

OIDC Methods#

setProviderInfo(p)#

Sets the Identity Provider's configuration parameters. This can be done by declaring each parameter in code or by using the information returned by OIDC.discover('https://(hostname)'). It returns a boolean value indicating the status of the call.

Example:#
// set Identity Provider configuration
OIDC.setProviderInfo({
    issuer: 'https://(hostname)',
    authorization_endpoint: 'https://(hostname)/auth.html',
    jwks_uri: 'https://(hostname)/jwks'
});

// set Identity Provider configuration using discovery information
// discover() returns null on failure, so check the result before using it
var discovery = OIDC.discover('https://(hostname)');
if (discovery)
  OIDC.setProviderInfo(discovery);

setClientInfo(p)#

Sets the Client's configuration parameters. It returns a boolean value indicating the status of the call.

Example:#
// set client_id and redirect_uri
OIDC.setClientInfo( {
   client_id: 'myclientID',
   redirect_uri: 'https://rp.example.com/callback.html'
  }
);

storeInfo(providerInfo, clientInfo)#

Stores the Identity Provider and Client configuration options in the browser session storage for reuse later.

restoreInfo()#

Loads and sets the Identity Provider and Client configuration options from the browser session storage.

checkRequiredInfo(params)#

  • params - List of Identity Provider and client configuration parameters

Checks whether the required configuration parameters are set. It returns a boolean value indicating whether the options have been set.

clearProviderInfo()#

Clears the Identity Provider configuration parameters.

login(reqOptions)#

Redirects to the Identity Provider for authentication.

Example:#
// login with options
OIDC.login({
   scope : 'openid profile',
   response_type : 'token id_token',
   max_age : 60,
   claims : {
      id_token : ['email', 'phone_number'],
      userinfo : ['given_name', 'family_name']
      }
});

// login with default
// scope = openid and response_type = id_token
OIDC.login();

verifyIdTokenSig(id_token)#

  • id_token - The ID Token string

Verifies the ID Token signature using the JWK Keyset from jwks or jwks_uri of the Identity Provider configuration options set via OIDC.setProviderInfo. Supports only RSA signatures. It returns a boolean value indicating whether the signature is valid.

isValidIdToken(id_token)#

  • id_token - The ID Token string

Validates the information in the ID Token against the Identity Provider and Client configuration data set via OIDC.setProviderInfo and OIDC.setClientInfo. It returns a boolean value indicating the validity of the ID Token.
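
The kind of check isValidIdToken describes, written out as an added example (not the library's own code). The function names and the idp.example.com issuer are assumptions, and the iss, aud and exp rules follow OpenID Connect Core. The signature must still be verified separately, as verifyIdTokenSig does.

```javascript
// Added example: names below are hypothetical, not the library's internals.
function decodePart(part) {
  // base64url -> padded base64 -> JSON object
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  const obj = JSON.parse(atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4)));
  if (obj === null || typeof obj !== 'object') throw new Error('not an object');
  return obj;
}

function checkIdTokenClaims(idToken, provider, client, nowSec) {
  const fail = (reason) => ({ ok: false, reason });
  const parts = String(idToken).split('.');
  if (parts.length !== 3) return fail('not a compact JWS');
  let header, claims;
  try {
    header = decodePart(parts[0]);
    claims = decodePart(parts[1]);
  } catch (e) {
    return fail('undecodable header or payload');
  }
  // Only RSA signatures are supported, so "none", HS* and ES* are refused outright.
  if (typeof header.alg !== 'string' || !/^RS(256|384|512)$/.test(header.alg)) {
    return fail('alg is not an RSA signature algorithm');
  }
  if (parts[2].length === 0) return fail('empty signature');
  // iss must equal the configured issuer exactly (no prefix match, no case folding).
  if (claims.iss !== provider.issuer) return fail('iss mismatch');
  // aud may be a string or an array; it must contain our client_id.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(client.client_id)) return fail('aud does not include client_id');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return fail('expired');
  return { ok: true, reason: 'claims accepted', claims };
}

// Constructed sample input: the signature part is a placeholder, not a real signature.
function sampleToken(header, claims) {
  const enc = (o) => btoa(JSON.stringify(o))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc(header) + '.' + enc(claims) + '.c2lnbmF0dXJl';
}

const provider = { issuer: 'https://idp.example.com' };
const client = { client_id: 'myclientID' };
const token = sampleToken({ alg: 'RS256', kid: 'k1' },
  { iss: provider.issuer, aud: client.client_id, exp: 2000 });
console.log(checkIdTokenClaims(token, provider, client, 1000).reason);
```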

rsaVerifyJWS(jws, jwk)#

  • jws - The JWS string
  • jwk - The JWK Key that will be used to verify the signature

Verifies the JWS string using the JWK. It returns a boolean value indicating the validity of the JWS signature.

getValidIdToken()#

Returns the ID Token string taken from the current page URL, after its signature has been verified and its contents validated against the configuration data set via OIDC.setProviderInfo and OIDC.setClientInfo.

getAccessToken()#

Returns the Access Token string taken from the current page URL.

getCode()#

Returns the Authorization Code string taken from the current page URL.

getIdTokenParts(id_token)#

  • id_token - The ID Token string

Splits the ID Token string into the individual JWS parts. It returns an array of the JWS compact serialization components (header, payload, signature).

getIdTokenPayload(id_token)#

  • id_token - The ID Token string

Returns a JSON object with the contents of the ID Token payload.

getJsonObject(jsonS)#

  • jsonS - JSON string

Returns the JSON object parsed from the JSON string.

fetchJSON(url)#

  • url - URL to fetch the JSON file

Retrieves the JSON file at the specified URL. The URL must have CORS enabled for this function to work. It returns the contents of the URL as a string, or null.

jwk_get_key(jwkIn, kty, use, kid)#

  • jwkIn - JWK Keyset string or object.
  • kty - The 'kty' to match (RSA|EC). Only RSA is supported.
  • use - The 'use' to match (sig|enc).
  • kid - The 'kid' to match

Retrieve the JWK key that matches the input criteria. It returns an array of JWK keys that match the specified criteria.

discover(issuer)#

  • issuer - The Identity Provider's issuer_id

Performs discovery on the Identity Provider's issuer_id. It returns the JSON object of the discovery document or null.

debug(toggle, id_token)#

  • toggle - Boolean value that enables or disables debugging output
  • id_token - The ID Token string

Prints the current Client configuration options, the Identity Provider's configuration options, and the results of verifying and validating id_token and its signature directly to the console.

getUserInfo(access_token)#

  • access_token - Access Token string

Calls the UserInfo endpoint with the access token. It returns the user claims sent by the Identity Provider.