{"id":13510270,"url":"https://github.com/panva/node-oidc-provider","last_synced_at":"2025-05-14T11:07:53.753Z","repository":{"id":37434442,"uuid":"47250070","full_name":"panva/node-oidc-provider","owner":"panva","description":"OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js","archived":false,"fork":false,"pushed_at":"2025-05-05T07:37:45.000Z","size":6884,"stargazers_count":3398,"open_issues_count":0,"forks_count":778,"subscribers_count":69,"default_branch":"main","last_synced_at":"2025-05-07T10:52:34.850Z","etag":null,"topics":["authorization","authorization-server","connect","oauth2","oidc","openid","openid-connect","openid-provider","provider","server"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/panva.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"panva"}},"created_at":"2015-12-02T09:17:41.000Z","updated_at":"2025-05-06T08:58:07.000Z","dependencies_parsed_at":"2023-02-13T00:46:32.951Z","dependency_job_id":"8fc2faff-89bb-45d0-ae57-cb91357168aa","html_url":"https://github.com/panva/node-oidc-provider","commit_stats":{"total_commits":2393,"total_committers":74,"mean_commits":32.33783783783784,"dds":0.05516088591725865,"last_synced_commit":"cabdd8a00b23bd06ecee9f0bfb5f1fe8ed5dd664"},"previous_names":[],"tags_count":332,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/panva%2Fnode-oidc-provider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/panva%2Fnode-oidc-provider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/panva%2Fnode-oidc-provider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/panva%2Fnode-oidc-provider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/panva","download_url":"https://codeload.github.com/panva/node-oidc-provider/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254129480,"owners_count":22019628,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","authorization-server","connect","oauth2","oidc","openid","openid-connect","openid-provider","provider","server"],"created_at":"2024-08-01T02:01:31.380Z","updated_at":"2025-05-14T11:07:53.675Z","avatar_url":"https://github.com/panva.png","language":"JavaScript","readme":"# oidc-provider\n\nThis module provides an OAuth 2.0 ([RFC 6749][oauth2]) Authorization Server with support for OpenID Connect ([OIDC][openid-connect]) and many\nother additional features and standards.\n\n**Table of Contents**\n\n- [Implemented specs \u0026 features](#implemented-specs--features)\n- [Certification](#certification)\n- [Documentation \u0026 Configuration](#documentation--configuration)\n- [Community Guides](#community-guides)\n- [Events](#events)\n\n## Implemented specs \u0026 features\n\nThe following specifications are implemented by oidc-provider (not exhaustive):\n\n_Note that not all features are enabled by default, check the configuration section on how to enable them._\n\n- [`RFC6749` - OAuth 2.0][oauth2] \u0026 [`OIDC` Core 1.0][core]\n- [OIDC `Discovery 1.0`][discovery]\n- Dynamic Client Registration\n  - [OIDC `Dynamic Client Registration 1.0`][registration]\n  - [`RFC7591` - OAuth 2.0 Dynamic Client Registration Protocol][oauth2-registration]\n  - [`RFC7592` - OAuth 2.0 Dynamic Client Registration Management Protocol][registration-management]\n- [OIDC `RP-Initiated Logout 1.0`][rpinitiated-logout]\n- [OIDC `Back-Channel Logout 1.0`][backchannel-logout]\n- [`RFC7009` - OAuth 2.0 Token Revocation][revocation]\n- [`RFC7636` - Proof Key for Code Exchange (`PKCE`)][pkce]\n- [`RFC7662` - OAuth 2.0 Token Introspection][introspection]\n- [`RFC8252` - OAuth 2.0 for Native Apps BCP (`AppAuth`)][oauth-native-apps]\n- [`RFC8628` - OAuth 2.0 Device Authorization Grant (`Device Flow`)][device-flow]\n- [`RFC8705` - OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (`MTLS`)][mtls]\n- [`RFC8707` - OAuth 2.0 Resource Indicators][resource-indicators]\n- [`RFC9101` - OAuth 2.0 JWT-Secured Authorization Request (`JAR`)][jar]\n- [`RFC9126` - OAuth 2.0 Pushed Authorization Requests (`PAR`)][par]\n- [`RFC9207` - OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response][iss-auth-resp]\n- [`RFC9449` - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (`DPoP`)][dpop]\n- [`RFC9701` - JWT Response for OAuth Token Introspection][jwt-introspection]\n- [FAPI 1.0 Security Profile - Part 2: Advanced (`FAPI 1.0`)][fapi]\n- [FAPI 2.0 Security Profile (`FAPI 2.0`)][fapi2sp]\n- [JWT Secured Authorization Response Mode for OAuth 2.0 (`JARM`)][jarm]\n- [OIDC Client Initiated Backchannel Authentication Flow (`CIBA`)][ciba]\n\nSupported Access Token formats:\n\n- Opaque\n- [JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens][jwt-at]\n\nThe following draft specifications are implemented by oidc-provider:\n\n- [Financial-grade API: Client Initiated Backchannel Authentication Profile (`FAPI-CIBA`) - Implementer's Draft 01][fapi-ciba]\n- [FAPI 2.0 Message Signing (`FAPI 2.0`) - Implementer's Draft 01][fapi2ms-id1]\n- [OIDC Relying Party Metadata Choices 1.0 - draft 02][rp-metadata-choices]\n\nUpdates to draft specification versions are released as MINOR library versions,\nif you utilize these specification implementations consider using the tilde `~` operator in your\npackage.json since breaking changes may be introduced as part of these version updates. Alternatively\n[acknowledge](/docs/README.md#features) the version and be notified of breaking changes as part of\nyour CI.\n\n## Certification\n\n[\u003cimg width=\"184\" height=\"96\" align=\"right\" src=\"https://cdn.jsdelivr.net/gh/panva/node-oidc-provider@acd3ebf2f5ebbb5605463cb681a1fb2ab9742ace/OpenID_Certified.png\" alt=\"OpenID Certification\"\u003e][openid-certified-link]  \nFilip Skokan has [certified][openid-certified-link] that [oidc-provider][npm-url]\nconforms to the following profiles of the OpenID Connect™ protocol.\n\n- Basic, Implicit, Hybrid, Config, Form Post, and 3rd Party-Init\n- Back-Channel Logout and RP-Initiated Logout\n- FAPI 1.0\n- FAPI CIBA\n- FAPI 2.0\n\n## Sponsor\n\n\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://raw.githubusercontent.com/panva/node-oidc-provider/HEAD/sponsor/Auth0byOkta_dark.png\"\u003e\n  \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://raw.githubusercontent.com/panva/node-oidc-provider/HEAD/sponsor/Auth0byOkta_light.png\"\u003e\n  \u003cimg height=\"65\" align=\"left\" alt=\"Auth0 by Okta\" src=\"https://raw.githubusercontent.com/panva/node-oidc-provider/HEAD/sponsor/Auth0byOkta_light.png\"\u003e\n\u003c/picture\u003e\n\nIf you want to quickly add OpenID Connect authentication to Node.js apps, feel free to check out Auth0's Node.js SDK and free plan. [Create an Auth0 account; it's free!][sponsor-auth0]\u003cbr\u003e\u003cbr\u003e\n\n## Support\n\nIf you or your company use this module, or you need help using/upgrading the module, please consider becoming a [sponsor][support-sponsor] so I can continue maintaining it and adding new features carefree. The only way to guarantee you get feedback from the author \u0026 sole maintainer of this module is to support the package through GitHub Sponsors.\n\n## [Documentation](/docs/README.md) \u0026 Configuration\n\noidc-provider can be mounted to existing connect, express, fastify, hapi, or koa applications, see\n[how](/docs/README.md#mounting-oidc-provider). The authorization server allows to be extended and configured in\nvarious ways to fit a variety of uses. See the [documentation](/docs/README.md) and [example folder](/example).\n\n```js\nimport * as oidc from \"oidc-provider\";\n\nconst provider = new oidc.Provider(\"http://localhost:3000\", {\n  // refer to the documentation for other available configuration\n  clients: [\n    {\n      client_id: \"foo\",\n      client_secret: \"bar\",\n      redirect_uris: [\"http://lvh.me:8080/cb\"],\n      // ... other client properties\n    },\n  ],\n});\n\nconst server = oidc.listen(3000, () =\u003e {\n  console.log(\n    \"oidc-provider listening on port 3000, check http://localhost:3000/.well-known/openid-configuration\",\n  );\n});\n```\n\nExternal type definitions are available via [DefinitelyTyped](https://npmjs.com/package/@types/oidc-provider).\n\n## Community Guides\n\nCollection of Community-maintained configuration use cases are in the [Community Guides Discussions section](https://github.com/panva/node-oidc-provider/discussions/categories/community-guides)\n\n## Events\n\noidc-provider instances are event emitters, using event handlers you can hook into the various\nactions and i.e. emit metrics that react to specific triggers. See the list of available emitted [event names](/docs/events.md) and their description.\n\n## Supported Versions\n\n| Version                                                       | Security Fixes 🔑 | Other Bug Fixes 🐞 | New Features ⭐ |\n| ------------------------------------------------------------- | ----------------- | ------------------ | --------------- |\n| [v9.x](https://github.com/panva/node-oidc-provider/tree/v9.x) | [Security Policy] | ✅                 | ✅              |\n| [v8.x](https://github.com/panva/node-oidc-provider/tree/v8.x) | [Security Policy] | ❌                 | ❌              |\n\n[npm-url]: https://www.npmjs.com/package/oidc-provider\n[openid-certified-link]: https://openid.net/certification/\n[openid-connect]: https://openid.net/connect/\n[core]: https://openid.net/specs/openid-connect-core-1_0-errata2.html\n[discovery]: https://openid.net/specs/openid-connect-discovery-1_0-errata2.html\n[oauth2-registration]: https://www.rfc-editor.org/rfc/rfc7591.html\n[registration]: https://openid.net/specs/openid-connect-registration-1_0-errata2.html\n[oauth2]: https://www.rfc-editor.org/rfc/rfc6749.html\n[oauth2-bearer]: https://www.rfc-editor.org/rfc/rfc6750.html\n[revocation]: https://www.rfc-editor.org/rfc/rfc7009.html\n[introspection]: https://www.rfc-editor.org/rfc/rfc7662.html\n[pkce]: https://www.rfc-editor.org/rfc/rfc7636.html\n[example-repo]: https://github.com/panva/node-oidc-provider-example\n[backchannel-logout]: https://openid.net/specs/openid-connect-backchannel-1_0-errata1.html\n[registration-management]: https://www.rfc-editor.org/rfc/rfc7592.html\n[oauth-native-apps]: https://www.rfc-editor.org/rfc/rfc8252.html\n[jar]: https://www.rfc-editor.org/rfc/rfc9101.html\n[device-flow]: https://www.rfc-editor.org/rfc/rfc8628.html\n[jwt-introspection]: https://www.rfc-editor.org/rfc/rfc9701.html\n[sponsor-auth0]: https://a0.to/signup/panva\n[mtls]: https://www.rfc-editor.org/rfc/rfc8705.html\n[dpop]: https://www.rfc-editor.org/rfc/rfc9449.html\n[resource-indicators]: https://www.rfc-editor.org/rfc/rfc8707.html\n[jarm]: https://openid.net/specs/oauth-v2-jarm-final.html\n[jwt-at]: https://www.rfc-editor.org/rfc/rfc9068.html\n[support-sponsor]: https://github.com/sponsors/panva\n[par]: https://www.rfc-editor.org/rfc/rfc9126.html\n[rpinitiated-logout]: https://openid.net/specs/openid-connect-rpinitiated-1_0-final.html\n[iss-auth-resp]: https://www.rfc-editor.org/rfc/rfc9207.html\n[fapi]: https://openid.net/specs/openid-financial-api-part-2-1_0-final.html\n[ciba]: https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0-final.html\n[fapi-ciba]: https://openid.net/specs/openid-financial-api-ciba-ID1.html\n[fapi2sp]: https://openid.net/specs/fapi-security-profile-2_0-final.html\n[fapi2ms-id1]: https://openid.net/specs/fapi-2_0-message-signing-ID1.html\n[Security Policy]: https://github.com/panva/node-oidc-provider/security/policy\n[rp-metadata-choices]: https://openid.net/specs/openid-connect-rp-metadata-choices-1_0-02.html\n","funding_links":["https://github.com/sponsors/panva"],"categories":["JavaScript","Server Implementation","OpenID Providers (OP)","Back-End Development","server"],"sub_categories":["Verifiable Credentials"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpanva%2Fnode-oidc-provider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpanva%2Fnode-oidc-provider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpanva%2Fnode-oidc-provider/lists"}