
Integrating with External Identity Providers

danger

TODO: Not tested at all; assume nothing works

Introduction

In this tutorial, we will demonstrate how to integrate Veramo with external identity providers that speak OAuth2 or OpenID Connect. This lets you bridge different identity systems and achieve interoperability between them.

Steps

Prerequisites

Before you begin, complete the prerequisites by following the installation and configuration instructions.

1. Integrate with OAuth2

To integrate with an OAuth2 provider, you can use the passport library together with the passport-oauth2 strategy. Below is an example of setting up the OAuth2 integration:

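const express = require("express");
const passport = require("passport");
const OAuth2Strategy = require("passport-oauth2").Strategy;

/**
 * Read a required setting from the environment and fail fast at startup
 * instead of running with an empty client id or secret.
 * The variable names used below are illustrative; use whatever your
 * deployment provides.
 *
 * @param {string} name - environment variable to read
 * @returns {string} the non-empty value
 * @throws {Error} when the variable is unset or empty
 */
function requireEnv(name) {
  const value = process.env[name];
  if (value === undefined || value === "") {
    throw new Error(`Missing required environment variable ${name}`);
  }
  return value;
}

const app = express();

// NOTE: `state: true` / `pkce: true` below make the strategy keep the OAuth2
// state value and PKCE verifier in req.session, so a session middleware must
// be mounted here, before passport.initialize() — e.g.
// app.use(session({ /* ... */ })).

// Configure the OAuth2 strategy
passport.use(
  new OAuth2Strategy(
    {
      authorizationURL: "https://provider.com/oauth2/authorize",
      tokenURL: "https://provider.com/oauth2/token",
      // Credentials come from the environment; the client secret must never
      // be committed to source control.
      clientID: requireEnv("OAUTH2_CLIENT_ID"),
      clientSecret: requireEnv("OAUTH2_CLIENT_SECRET"),
      // Plain http is acceptable for local development only; use https
      // for any reachable deployment.
      callbackURL: "http://localhost:3000/auth/callback",
      // `state` ties the callback to the browser session that started the
      // flow (login-CSRF protection); `pkce` protects the code exchange.
      state: true,
      pkce: true,
    },
    // Verify callback: runs after the authorization code has been exchanged
    // for tokens.
    // NOTE(review): the base passport-oauth2 strategy does not fetch a user
    // profile itself, so `profile` is empty unless you subclass
    // OAuth2Strategy and override userProfile() (or look the user up with
    // accessToken here); as written, profile.id would be undefined.
    (accessToken, refreshToken, profile, done) => {
      // `User` is an application-supplied model; it is not defined in this
      // snippet.
      User.findOrCreate({ oauthId: profile.id }, (err, user) => done(err, user));
    }
  )
);

app.use(passport.initialize());

// Define routes
app.get("/auth", passport.authenticate("oauth2"));

app.get(
  "/auth/callback",
  passport.authenticate("oauth2", { failureRedirect: "/" }),
  (req, res) => {
    res.redirect("/");
  }
);

app.listen(3000, () => {
  console.log("Server is running on http://localhost:3000");
});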

2. Integrate with OpenID Connect

To integrate with an OpenID Connect provider, you can use the openid-client library. Below is an example of setting up the OpenID Connect integration:

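const express = require("express");
// `passport` is used below but was never required in this snippet.
const passport = require("passport");
const { Issuer, Strategy } = require("openid-client");

/**
 * Read a required setting from the environment and fail fast at startup
 * instead of running with an empty client id or secret.
 * The variable names used below are illustrative; use whatever your
 * deployment provides.
 *
 * @param {string} name - environment variable to read
 * @returns {string} the non-empty value
 * @throws {Error} when the variable is unset or empty
 */
function requireEnv(name) {
  const value = process.env[name];
  if (value === undefined || value === "") {
    throw new Error(`Missing required environment variable ${name}`);
  }
  return value;
}

const app = express();

// NOTE: openid-client's passport Strategy keeps the state and nonce of an
// in-flight login in req.session, so a session middleware must be mounted
// here, before passport.initialize() — e.g. app.use(session({ /* ... */ })).

// Discover the provider's endpoints and signing keys from its well-known
// configuration, then wire up the strategy and routes.
Issuer.discover("https://provider.com")
  .then((issuer) => {
    const client = new issuer.Client({
      // Credentials come from the environment; the client secret must never
      // be committed to source control.
      client_id: requireEnv("OIDC_CLIENT_ID"),
      client_secret: requireEnv("OIDC_CLIENT_SECRET"),
      // Plain http is acceptable for local development only; use https for
      // any reachable deployment.
      redirect_uris: ["http://localhost:3000/auth/callback"],
      response_types: ["code"],
    });

    passport.use(
      "oidc",
      new Strategy(
        {
          client,
          passReqToCallback: false,
          // Protect the authorization-code exchange.
          usePKCE: true,
        },
        // Verify callback. By the time this runs the Strategy has processed
        // the callback (including the state/nonce checks it performs);
        // `userinfo` is the provider's userinfo response.
        (tokenset, userinfo, done) => done(null, userinfo)
      )
    );

    app.use(passport.initialize());

    app.get("/auth", passport.authenticate("oidc"));

    app.get(
      "/auth/callback",
      passport.authenticate("oidc", { failureRedirect: "/" }),
      (req, res) => {
        res.redirect("/");
      }
    );

    app.listen(3000, () => {
      console.log("Server is running on http://localhost:3000");
    });
  })
  .catch((err) => {
    // Without this handler a discovery failure is an unhandled rejection and
    // the server silently never starts.
    console.error("OIDC discovery failed:", err);
    process.exit(1);
  });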