{"id":17350294,"url":"https://github.com/buehler/node-passport-zitadel","last_synced_at":"2025-04-09T10:06:33.202Z","repository":{"id":60394809,"uuid":"541455737","full_name":"buehler/node-passport-zitadel","owner":"buehler","description":"Passport JS strategy for ZITADEL IDP","archived":false,"fork":false,"pushed_at":"2024-10-23T22:16:55.000Z","size":1186,"stargazers_count":31,"open_issues_count":3,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-10-23T23:20:46.401Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/buehler.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-26T07:16:14.000Z","updated_at":"2024-10-23T20:14:11.000Z","dependencies_parsed_at":"2023-12-29T22:48:54.920Z","dependency_job_id":"b4d9fb3a-4ba9-4683-a1e7-d9fc431f86d6","html_url":"https://github.com/buehler/node-passport-zitadel","commit_stats":{"total_commits":211,"total_committers":5,"mean_commits":42.2,"dds":"0.042654028436018954","last_synced_commit":"24d2e29c4c10922c4c7f8b786a29b7aa695ba0f5"},"previous_names":[],"tags_count":81,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buehler%2Fnode-passport-zitadel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buehler%2Fnode-passport-zitadel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buehler%2Fnode-passport-zitadel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buehler%2Fnode-passport-zitadel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/buehler","download_url":"https://codeload.github.com/buehler/node-passport-zitadel/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248018060,"owners_count":21034048,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T17:06:22.543Z","updated_at":"2025-04-09T10:06:33.174Z","avatar_url":"https://github.com/buehler.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Passport for ZITADEL\n\nThis package contains [passport js](http://www.passportjs.org/)\nstrategies for ZITADEL (v2).\n\nAs a prerequisite, similar to Google OAuth, you need to create\na project and an application in ZITADEL.\n\n## Create ZITADEL instance and requirements\n\nHead over to [zitadel.cloud](https://zitadel.cloud) and login or create\na new account in the customer portal of ZITADEL. Then, you can create\na new instance (either free or \"pay as you go\"). In this new instance,\nyou can create a new project and inside it a new application.\n\n## Strategies\n\nThis section describes the provided strategies in this package. It\nis subject to change in the future if more and more strategies are\nneeded.\n\n### ZITADEL API Introspection\n\nFirst and foremost, the introspection strategy allows APIs to\nverify and validate an access token.\n\nThe strategy is based on the\n[OAuth 2.0 Token Introspection (RFC 7662)](https://tools.ietf.org/html/rfc7662)\nand checks if the provided access token (`HTTP Authorization` header)\nis valid and active.\n\nThe strategy requires an \"API Project\" in ZITADEL, which is either\nconfigured with \"Basic\" or \"JWT Profile\" as authentication method.\nBoth variants are supported in the strategy. The JWT profile variant\nis recommended.\n\nThe diagram below explains the introspection workflow:\n\n```mermaid\nsequenceDiagram\n    participant User\n    participant ZITADEL\n    participant API\n\n    User-\u003e\u003e+ZITADEL: Obtain access token\n    ZITADEL--\u003e\u003e-User: Access token\n    User-\u003e\u003e+API: Call API with access token\n    API-\u003e\u003e+ZITADEL: OAuth Introspection\n    ZITADEL--\u003e\u003e-API: Introspection result\n\n    alt is valid and active\n        API--\u003e\u003eUser: Return HTTP 20x with data\n    else is invalid or inactive\n        API--\u003e\u003eUser: Return HTTP 401/403\n    end\n\n    deactivate API\n```\n\n#### Example JWT Profile\n\nNote: To get the JWT profile json file, you can create a valid\napplication key in the API application in ZITADEL and download it.\n\n```typescript\nimport express from 'express';\nimport path from 'path';\nimport passport from 'passport';\nimport { ZitadelIntrospectionStrategy } from 'passport-zitadel';\n\nconst app = express();\nconst port = 8080;\n\n// Register the strategy with the correct configuration.\npassport.use(\n  new ZitadelIntrospectionStrategy({\n    authority: 'https://YOUR_ZITADEL_INSTANCE_NAME.zitadel.cloud',\n    authorization: {\n      type: 'jwt-profile',\n      profile: {\n        type: 'application',\n        keyId: 'key id',\n        key: 'private rsa key',\n        appId: 'app id',\n        clientId: 'client id',\n      },\n    },\n  })\n);\n\napp.use(passport.initialize());\n\napp.use(passport.authenticate('zitadel-introspection', { session: false }));\napp.get('/', (req, res) =\u003e {\n  res.send('Hello World!');\n});\n\napp.listen(port, () =\u003e {\n  console.log(`server started at http://localhost:${port}`);\n});\n```\n\n#### Example Basic\n\n```typescript\nimport express from 'express';\nimport path from 'path';\nimport passport from 'passport';\nimport { ZitadelIntrospectionStrategy } from 'passport-zitadel';\n\nconst app = express();\nconst port = 8080;\n\n// Register the strategy with the correct configuration.\npassport.use(\n  new ZitadelIntrospectionStrategy({\n    authority: 'https://YOUR_ZITADEL_INSTANCE_NAME.zitadel.cloud',\n    authorization: {\n      type: 'basic',\n      clientId: 'CLIENT ID',\n      clientSecret: 'CLIENT SECRET',\n    },\n  })\n);\n\napp.use(passport.initialize());\n\napp.use(passport.authenticate('zitadel-introspection', { session: false }));\napp.get('/', (req, res) =\u003e {\n  res.send('Hello World!');\n});\n\napp.listen(port, () =\u003e {\n  console.log(`server started at http://localhost:${port}`);\n});\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuehler%2Fnode-passport-zitadel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbuehler%2Fnode-passport-zitadel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuehler%2Fnode-passport-zitadel/lists"}