{"library":"okta-oidc-middleware","title":"Okta Node.js OIDC Middleware","description":"The `@okta/oidc-middleware` package provides an OpenID Connect middleware for Express.js applications, simplifying the integration of Okta's authorization code flow. It handles redirecting users to Okta for authentication, processing the callback, and establishing a local session to store user context. The library currently maintains a stable major version series of 2.x, with the latest release being 4.2.0, following semantic versioning and Okta's library version policy. A key differentiator is its seamless integration with Express, managing OIDC complexities like token exchange and session maintenance, while relying on `express-session` for local session storage. It's designed to quickly enable secure authentication for Node.js web applications, abstracting away many of the underlying OIDC protocol details.","language":"javascript","status":"active","last_verified":"Thu Apr 23","install":{"commands":["npm install @okta/oidc-middleware"],"cli":null},"imports":["const { ExpressOIDC } = require('@okta/oidc-middleware');","import { ExpressOIDC } from '@okta/oidc-middleware';","import type { OktaOIDCAuthOptions } from '@okta/oidc-middleware';"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"const express = require('express');\nconst session = require('express-session');\nconst { ExpressOIDC } = require('@okta/oidc-middleware');\n\nconst app = express();\n\n// HTML-encode values from the identity provider before writing them into a page.\nconst escapeHtml = (s) => String(s).replace(/[&<>'\"]/g, (c) => `&#${c.charCodeAt(0)};`);\n\nconst oidc = new ExpressOIDC({\n  issuer: process.env.OKTA_ISSUER || 'https://{yourOktaDomain}/oauth2/default',\n  client_id: process.env.OKTA_CLIENT_ID || '{clientId}',\n  client_secret: process.env.OKTA_CLIENT_SECRET || '{clientSecret}',\n  appBaseUrl: process.env.OKTA_APP_BASE_URL || 'http://localhost:8080',\n  scope: 'openid profile'\n});\n\napp.use(session({\n  // Set SESSION_SECRET in any real deployment; the fallback is a placeholder only.\n  secret: process.env.SESSION_SECRET || 'a-very-long-random-string-that-you-should-change',\n  resave: false,\n  saveUninitialized: false\n  // For production, replace MemoryStore with a persistent store (e.g., connect-redis)\n}));\napp.use(oidc.router);\n\napp.get('/', (req, res) => {\n  if (req.userContext) {\n    res.send(`\n      Hello ${escapeHtml(req.userContext.userinfo.name)}!\n      <form method=\"POST\" action=\"/logout\">\n        <button type=\"submit\">Logout</button>\n      </form>\n    `);\n  } else {\n    res.send('Please <a href=\"/login\">login</a>');\n  }\n});\n\napp.get('/protected', oidc.ensureAuthenticated(), (req, res) => {\n  res.send('This is a protected page. Welcome, ' + escapeHtml(req.userContext.userinfo.name));\n});\n\nconst port = process.env.PORT || 8080;\noidc.on('ready', () => {\n  app.listen(port, () => console.log(`App has started on port ${port}`));\n});\noidc.on('error', err => {\n  console.error('OIDC error: ', err);\n});","lang":"javascript","description":"This example initializes an Express application with `express-session` and `@okta/oidc-middleware`, configuring a basic OIDC flow for user login and a protected route.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}