{"library":"oidc-provider","title":"OpenID Connect Provider for Node.js","description":"oidc-provider is a comprehensive OAuth 2.0 Authorization Server implementation that includes full support for OpenID Connect 1.0, designed for Node.js environments. Currently stable at version 9.8.2, the library maintains an active release cadence with frequent minor and patch updates, often incorporating new features and specification compliance. Its key differentiators include extensive OpenID Certification across various profiles (e.g., Basic, Implicit, Hybrid, FAPI 1.0/2.0, CIBA), a wide array of implemented OAuth 2.0 and OIDC specifications (PKCE, JAR, PAR, DPoP, MTLS, Device Flow, Dynamic Client Registration, Back-Channel/RP-Initiated Logout, Token Introspection/Revocation, Resource Indicators, JARM, CIMD), and a highly configurable architecture that allows for custom storage adapters and interaction flows. It provides the core OIDC server logic, leaving UI and storage implementation to the developer, offering flexibility but also requiring careful custom integration.","language":"javascript","status":"active","last_verified":"Sun Apr 19","install":{"commands":["npm install oidc-provider"],"cli":null},"imports":["import { Provider } from 'oidc-provider';","import * as errors from 'oidc-provider/lib/helpers/errors';","import { Adapter, AdapterFactory } from 'oidc-provider'; // for type definitions or factory"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import { Provider } from 'oidc-provider';\nimport { strict as assert } from 'assert';\n\n// Minimal in-memory adapter for quickstart (DO NOT USE IN PRODUCTION)\n// A real application requires a persistent storage solution (e.g., database).\nclass MemoryAdapter {\n  constructor(name) { this.name = name; this.store = new Map(); }\n  async upsert(id, payload, expiresIn) { this.store.set(id, { payload, expiresAt: Date.now() + (expiresIn * 1000) }); return id; }\n  async find(id) { const record = this.store.get(id); return record && record.expiresAt > Date.now() ? record.payload : undefined; }\n  async findByUser(userCode) { for (const [id, record] of this.store) { if (record.payload?.userCode === userCode) return this.find(id); } return undefined; }\n  async findByUid(uid) { for (const [id, record] of this.store) { if (record.payload?.uid === uid) return this.find(id); } return undefined; }\n  async destroy(id) { this.store.delete(id); }\n  async consume(id) { const record = await this.find(id); if (record) { record.consumed = Date.now(); } return record; }\n}\n\n// Basic configuration (replace with your secure, production-ready config)\nconst configuration = {\n  clients: [{\n    client_id: 'test_client',\n    client_secret: 'test_secret',\n    redirect_uris: ['http://localhost:3000/cb'],\n    response_types: ['code'],\n    grant_types: ['authorization_code', 'refresh_token'],\n  }],\n  features: { // Enable PKCE and Refresh Tokens for better security and UX\n    pkce: { enabled: true },\n    refreshToken: { enabled: true },\n  },\n  // You MUST provide your own interaction UI for login/consent/etc.\n  // This function maps an interaction request to a URL for your UI.\n  interactions: {\n    url: (ctx, interaction) => {\n      // In a real app, this would redirect to your custom login/consent page\n      return `/interaction/${interaction.uid}`;\n    },\n  },\n  adapter: MemoryAdapter, // Use the in-memory adapter for quick testing\n  // For production, always generate and securely manage strong, rotated secret keys\n  jwks: {\n    keys: [{\n      \"d\": \"f81f-example-private-key-part-DO-NOT-USE-IN-PROD\",\n      \"dp\": \"f81f-example-private-key-part-DO-NOT-USE-IN-PROD\",\n      \"dq\": \"f81f-example-private-key-part-DO-NOT-USE-IN-PROD\",\n      \"ext\": true,\n      \"kty\": \"RSA\",\n      \"n\": \"f81f-example-public-key-part\",\n      \"p\": \"f81f-example-private-key-part-DO-NOT-USE-IN-PROD\",\n      \"q\": \"f81f-example-private-key-part-DO-NOT-USE-IN-PROD\",\n      \"qi\": \"f81f-example-private-key-part-DO-NOT-USE-IN-PROD\",\n      \"use\": \"sig\"\n    }]\n  }\n};\n\nconst provider = new Provider('http://localhost:3000', configuration);\n\n// Example of how you would integrate with an HTTP server, e.g., Express:\n// import express from 'express';\n// const app = express();\n// app.use(provider.callback());\n// app.listen(3000, () => console.log('OIDC Provider listening on port 3000'));\n\nconsole.log('OIDC Provider instantiated. Remember to set up a real adapter, interaction UI, and secure JWKS.');\n// To make this code runnable for checklist.day validation:\nassert.ok(provider instanceof Provider, 'Provider was not instantiated correctly');\nconsole.log('Quickstart complete: Provider instantiated successfully.');","lang":"typescript","description":"This quickstart demonstrates the instantiation of a basic OIDC Provider with a minimal in-memory adapter and client configuration, emphasizing the critical need for a persistent storage adapter, custom interaction UI, and securely managed JWKS for any production deployment. It illustrates the core `Provider` class and essential configuration structure.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}