import express from 'express'
import {Issuer, generators} from 'openid-client'
import bodyParser from 'body-parser'
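/**
 * Returns the raw value of the request cookie `name`, or undefined when absent.
 * Minimal parser: sufficient for the base64url values this app sets itself.
 */
function readCookie(req, name) {
  const header = req.headers.cookie;
  if (typeof header !== 'string') {
    return undefined;
  }
  for (const pair of header.split(';')) {
    const eq = pair.indexOf('=');
    if (eq !== -1 && pair.slice(0, eq).trim() === name) {
      return pair.slice(eq + 1).trim();
    }
  }
  return undefined;
}

/**
 * Sends `body` as plain text. The bodies echo identity-provider claims and
 * tokens, so they must not be rendered as HTML (res.send on a string defaults
 * to text/html), cached, or leaked through a Referer header.
 */
function sendText(res, body) {
  res.set('Cache-Control', 'no-store');
  res.set('Referrer-Policy', 'no-referrer');
  res.set('X-Content-Type-Options', 'nosniff');
  res.type('text/plain').send(body);
}

/**
 * Wraps an async route handler so a rejection reaches Express' error
 * middleware. Without this, a failed token call (e.g. an invalid token passed
 * to /access/:token) is an unhandled rejection, which leaves the request
 * hanging and terminates the process on current Node versions.
 */
function asyncRoute(handler) {
  return (req, res, next) => {
    Promise.resolve()
      .then(() => handler(req, res, next))
      .catch(next);
  };
}

/**
 * Discovers the OIDC issuer, builds the relying-party client and starts the
 * demo server on port 3000.
 *
 * Routes:
 *   GET /                starts an authorization-code + PKCE login
 *   GET /cb              redirect endpoint; exchanges the code and shows the result
 *   GET /access/:token   calls the userinfo endpoint with the given access token
 *   GET /refresh/:token  redeems the given refresh token
 *
 * @returns {Promise<void>} resolves once the listener has been requested
 * @throws {Error} when required environment variables are missing or discovery fails
 */
async function run() {
  // Fail fast: otherwise CLIENT_URL + '/cb' silently becomes "undefined/cb".
  const missing = ['OIDC_GATEWAY_URI', 'OIDC_CLIENT_ID', 'CLIENT_URL'].filter(
    (key) => !process.env[key],
  );
  if (missing.length > 0) {
    throw new Error(`Missing required environment variables: ${missing.join(', ')}`);
  }

  const redirectUri = `${process.env.CLIENT_URL}/cb`;
  const STATE_COOKIE = 'oidc_state';
  const PENDING_TTL_MS = 10 * 60 * 1000;
  const MAX_PENDING_LOGINS = 1000;
  const cookieOptions = {
    httpOnly: true,
    // 'lax' still sends the cookie on the top-level redirect back from the issuer.
    sameSite: 'lax',
    secure: process.env.CLIENT_URL.startsWith('https://'),
    path: '/',
  };
  // state -> { codeVerifier, nonce, expiresAt }. One entry per login attempt,
  // so the PKCE verifier is never shared between users or reused.
  const pendingLogins = new Map();

  const app = express();
  // No route reads a request body; `extended` is set explicitly because
  // relying on the implicit default is deprecated in body-parser.
  app.use(bodyParser.urlencoded({ extended: false }));
  app.use(bodyParser.json());

  const issuer = await Issuer.discover(process.env.OIDC_GATEWAY_URI);
  console.log('Discovered issuer %s %O', issuer.issuer, issuer.metadata);

  const client = new issuer.Client({
    client_id: process.env.OIDC_CLIENT_ID,
    client_secret: process.env.OIDC_CLIENT_SECRET,
    // NOTE(review): presumably equal to CLIENT_URL + '/cb', which is the value
    // actually sent in the requests below — confirm the two stay in sync.
    redirect_uris: [process.env.OIDC_REDIRECT_URIS],
    response_types: ['code'],
    // id_token_signed_response_alg (default "RS256")
  });

  app.get(
    '/',
    asyncRoute(async (req, res) => {
      // Drop expired attempts and cap the table so unauthenticated hits on
      // this route cannot grow memory without bound.
      const now = Date.now();
      for (const [key, entry] of pendingLogins) {
        if (entry.expiresAt <= now) {
          pendingLogins.delete(key);
        }
      }
      while (pendingLogins.size >= MAX_PENDING_LOGINS) {
        pendingLogins.delete(pendingLogins.keys().next().value);
      }

      // Fresh per-attempt values: `state` binds the callback to this browser,
      // `nonce` binds the ID token to this request, and the PKCE verifier
      // binds the code exchange to it.
      const state = generators.state();
      const nonce = generators.nonce();
      const codeVerifier = generators.codeVerifier();
      pendingLogins.set(state, {
        codeVerifier,
        nonce,
        expiresAt: now + PENDING_TTL_MS,
      });
      res.cookie(STATE_COOKIE, state, { ...cookieOptions, maxAge: PENDING_TTL_MS });

      const url = client.authorizationUrl({
        redirect_uri: redirectUri,
        scope: 'openid profile offline_access',
        response_type: 'code',
        state,
        nonce,
        code_challenge: generators.codeChallenge(codeVerifier),
        code_challenge_method: 'S256',
      });
      res.redirect(url);
    }),
  );

  app.get(
    '/cb',
    asyncRoute(async (req, res) => {
      const state = readCookie(req, STATE_COOKIE);
      const pending = state === undefined ? undefined : pendingLogins.get(state);
      // Single use: a replayed callback must not find the verifier again.
      if (state !== undefined) {
        pendingLogins.delete(state);
      }
      res.clearCookie(STATE_COOKIE, cookieOptions);
      if (pending === undefined || pending.expiresAt <= Date.now()) {
        res.status(400);
        sendText(res, 'Login attempt not found or expired; start again at /');
        return;
      }

      const params = client.callbackParams(req);
      // The checks make openid-client reject a missing or mismatched state and nonce.
      const tokenSet = await client.callback(redirectUri, params, {
        code_verifier: pending.codeVerifier,
        state,
        nonce: pending.nonce,
      });
      const userinfo = await client.userinfo(tokenSet.access_token);
      // Demo output: echoes the full token set, refresh token included, to the browser.
      sendText(
        res,
        `\n${JSON.stringify(userinfo)}\n${JSON.stringify(tokenSet)}\nrefresh\naccess\n`,
      );
    }),
  );

  // The two routes below carry bearer tokens in the URL path, where they end
  // up in access logs, proxy logs and browser history. The paths are kept for
  // compatibility; prefer a POST body or Authorization header outside a demo.
  app.get(
    '/access/:token',
    asyncRoute(async (req, res) => {
      const access = await client.userinfo(req.params.token);
      sendText(res, `\n${JSON.stringify(access)}\naccess\n`);
    }),
  );

  app.get(
    '/refresh/:token',
    asyncRoute(async (req, res) => {
      const refresh = await client.refresh(req.params.token);
      sendText(res, `\n${JSON.stringify(refresh)}\nrefresh\n`);
    }),
  );

  // Generic failure response: the default Express handler would return the
  // stack trace outside production mode.
  app.use((err, req, res, next) => {
    console.error('Request failed: %s: %s', err.name, err.message);
    if (res.headersSent) {
      next(err);
      return;
    }
    res.status(500);
    sendText(res, 'Request failed');
  });

  app.listen(3000);
}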
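// Start the app. A rejected startup (for example failed issuer discovery) is
// printed and reported through a non-zero exit code, so a supervisor does not
// mistake it for a clean exit.
run().catch((err) => {
  console.dir(err);
  process.exitCode = 1;
});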