{"id":19602326,"url":"https://github.com/acodercat/egg-oidc-server","last_synced_at":"2025-04-27T17:32:13.166Z","repository":{"id":143870978,"uuid":"143590598","full_name":"acodercat/egg-oidc-server","owner":"acodercat","description":"egg-oidc-server","archived":false,"fork":false,"pushed_at":"2018-10-26T03:31:42.000Z","size":38,"stargazers_count":15,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-05T01:51:12.231Z","etag":null,"topics":["egg","egg-oidc","jwt","oauth2","oauth2-provider","oauth2-server","oidc"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/acodercat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-05T06:55:24.000Z","updated_at":"2023-04-11T07:34:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"c7b542f7-60cf-4a17-9e3b-557ba9ddbb2c","html_url":"https://github.com/acodercat/egg-oidc-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acodercat%2Fegg-oidc-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acodercat%2Fegg-oidc-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acodercat%2Fegg-oidc-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acodercat%2Fegg-oidc-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/owners/acodercat","download_url":"https://codeload.github.com/acodercat/egg-oidc-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251177993,"owners_count":21548143,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["egg","egg-oidc","jwt","oauth2","oauth2-provider","oauth2-server","oidc"],"created_at":"2024-11-11T09:23:33.996Z","updated_at":"2025-04-27T17:32:13.157Z","avatar_url":"https://github.com/acodercat.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# egg-oidc-server\n\n\n\n## Install dependencies\n\n```bash\n$ npm i\n```\n\n\n## Run migrations\n\nThe migration configuration file is `config.json` in the database directory.\n\n```bash\n npm run sequelize -- db:migrate\n```\n\n## Run\n\n### linux\n\n```bash\nDEBUG=oidc-provider:* npm run dev\n```\n\n### windows\n\n```bash\nset DEBUG=oidc-provider:* \u0026 npm run dev\n```\n\n## Notes\n\n`app/extend` contains an `oidc_persistence.js` file, which persists the oidc data, for example by saving clients and access tokens.\nWithout it, data is kept in memory by default and is cleared when node restarts.\n\n## Routes\n\n### Discovery service\n\n\u003e GET /.well-known/openid-configuration\n\nThe oidc discovery service; this endpoint returns detailed information about the service.\n\n\n### Client registration\n\n\u003e POST /reg\n\nClient registration endpoint.\n\n#### Parameters\n\n```json\n{\n    \"application_type\": \"web\",\n\t\"redirect_uris\": [\"https://127.0.0.1:3000\"],\n\t\"response_types\": [\"id_token token\"],\n\t\"grant_types\":[\"implicit\"],\n\t\"token_endpoint_auth_method\":\"client_secret_post\"\n}\n```\n\n#### Response\n\n```json\n{\n    \"application_type\": \"web\",\n    \"grant_types\": [\n        \"implicit\"\n    ],\n    \"id_token_signed_response_alg\": \"RS256\",\n    
\"require_auth_time\": false,\n    \"response_types\": [\n        \"id_token token\"\n    ],\n    \"subject_type\": \"public\",\n    \"token_endpoint_auth_method\": \"client_secret_post\",\n    \"request_uris\": [],\n    \"client_id_issued_at\": 1533610994,\n    \"client_id\": \"0d3612b8-0c85-430e-815a-70a369b99797\",\n    \"client_secret_expires_at\": 0,\n    \"client_secret\": \"XLYyczWIUjvl2bDkP1eynj7rPprKlBvpU5EQn5+XdR8xe2TR/F3wlTT9JL11HboV\",\n    \"redirect_uris\": [\n        \"https://127.0.0.1:3000\"\n    ],\n    \"introspection_endpoint_auth_method\": \"client_secret_post\",\n    \"revocation_endpoint_auth_method\": \"client_secret_post\",\n    \"registration_client_uri\": \"http://localhost:7001/reg/0d3612b8-0c85-430e-815a-70a369b99797\",\n    \"registration_access_token\": \"fFjKuyAgHNxjfXB4DHNzpHhAfqSrbm4f96eYEaf_75B\"\n}\n```\n\n### 获取token\n\n\u003e POST /token\n\n这个示例只展示了通过`password`的授权方式获取token。其他方式的token获取方式需要详细了解下OAuth2协议。同时oidc不支持`password`授权方式，我在框架的app.js中对oidc进行了扩展。\n\n#### 参数\n\n```json\n{\n    \"client_id\": \"ab812216-5c28-44d0-841e-59cd9bf7385d\",\n    \"grant_type\": \"password\",\n    \"username\": \"1\",\n    \"password\": \"1\",\n    \"client_secret\": \"9DLNXp1dXI4T4KLWTWyqlCKgVHMYdTKgqSXt3Mho02/VJPziD85rbdxF7/WKX27p\"\n}\n\n\n```\n#### 响应\n\n```json\n{\n    \"access_token\": \"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IklxeEcyV185VTZGczB3dEVZNHFBNkhEV3dXcGFTeWtobEZUeld6MlVuYUUifQ.eyJqdGkiOiJscGlVNXR0aTRqU3JCZHdkcUpEXzgiLCJzdWIiOjEsImlzcyI6Imh0dHA6Ly8xMjcuMC4wLjE6MzAwMCIsImlhdCI6MTUzMzYxMTIyMiwiZXhwIjoxNTMzNjE0ODIyLCJhdWQiOiJhYjgxMjIxNi01YzI4LTQ0ZDAtODQxZS01OWNkOWJmNzM4NWQifQ.lEOB3MdNsvO-M88tVYaqAZi13F7K0ij25X5h3mW4krVV_xTWECRDWWHq_UTWhso-CIBIeogDzMzwv1jaVfWZWJgNqkZWWf20XOgUEyZkP_nbsH10YjpPYRVXXorJF-dENv-RA7aUSBg6JwN0C5Lh4XTUJ7zB1Pdz7PGAAIfbnhVhUpa4iPhG5XfY7iLCnY5Xv1BP903CgZLvY8P9Mvz4cc_hpQRK4DUML8N3592F5WgeDBS2BRLycG-FjpckVCO_H8zj51vzuJNS0hWqpbQeu4lXfDbHhX1L3Y1chhHaDIq888lCuweJDrjaD3CFsKmigSlRPRiOrN2sflz-kiCRoQ\",\n    
\"expires_in\": 3600,\n    \"token_type\": \"Bearer\"\n}\n```\n\n### 授权\n\n\u003e POST /auth\n\n\n请求示例\n\nhttp://localhost:7001/auth?scope=openid\u0026response_type=id_token+token\u0026client_id=b4735627-252c-480d-93aa-c635816a1e2c\u0026nonce=odekghsaoghoashg\n\n这个示例使用了`implicit`授权模式，该请求会打开一个认证页面，认证成功后通过重定向返回access_token和id_token。这个id_token也就是oidc在OAuth2基础之上的扩展。\n\n\n//  http://localhost:7001/auth?scope=openid\u0026response_type=code\u0026client_id=5533b6d4-cddc-42f2-9d4e-d8d9b0b266ab\u0026nonce=odekghsaoghoashg\n\n### 关于OAuth2和OIDC\n\nOAuth2中通过授权后返回一个access_token给客户端，客户端拿着这个access_token去资源服务器获取受保护的资源。通常这个access_token是jwt格式的。由于jwt的自包含特性，所以资源服务器可以获取jwt中的签名来实现对access_token验证。验证的目的就是判断这个access_token是不是资源服务器信任的授权服务器颁发的。OIDC除了返回一个access_token还会返回一个id_token，这个id_token就是认证后的产物也是OIDC的重点，它包含了认证的用户信息，它也是jwt格式的。id_token它跟access_token的区别在于id_token的产生一定要有用户（资源所有者）参与，同时id_token的受众是客户端，客户端需要通过它拿到认证用户的信息。access_token是授权后的产物，在有些OAuth2授权模式下并不会有用户（资源所有者）这个角色参与，比如客户端模式。同时access_token的受众是资源服务器。\n\n\n#### 推荐一位前辈关于协议的几篇文章\n\nhttp://www.cnblogs.com/linianhui/tag/OIDC/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facodercat%2Fegg-oidc-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Facodercat%2Fegg-oidc-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facodercat%2Fegg-oidc-server/lists"}