simov / grant

OAuth Proxy
MIT License

Extend / add custom provider #220

Open danieljwestman opened 3 years ago

danieljwestman commented 3 years ago

Hi!

Is there any guide/info on how to add my own custom provider?

BR

danieljwestman commented 3 years ago

Oops, a bit too fast here.

Found this in the docs:

You can define your own provider by adding a key for it in your configuration. In this case all of the required configuration keys have to be specified:

{
  "defaults": {
    "origin": "http://localhost:3000"
  },
  "awesome": {
    "authorize_url": "https://awesome.com/authorize",
    "access_url": "https://awesome.com/token",
    "oauth": 2,
    "key": "...",
    "secret": "...",
    "scope": ["read", "write"]
  }
}

I guess it's just like that... 🕺

I'm planning to build/host my own simple provider with either oidc-provider or Ory

Any thoughts, guidelines or recommendations? Thanks!

simov commented 3 years ago

I've done it with oidc-provider:

{
  "panva": {
    "authorize_url": "http://localhost:4000/auth",
    "access_url": "http://localhost:4000/token",
    "oauth": 2,
    "key": "foo",
    "secret": "bar",
    "scope": [
      "openid"
    ],
    "custom_params": {
      "login_hint": "s"
    }
  }
}
var Provider = require('oidc-provider')

// Client registration on the oidc-provider side; key/secret in the Grant
// config above must match client_id/client_secret here, and the registered
// redirect_uri must be exactly Grant's /connect/<provider>/callback route.
var provider = new Provider('http://localhost:4000', {
  clients: [
    {
      client_id: 'foo',
      client_secret: 'bar',
      redirect_uris: [
        'http://localhost:3000/connect/panva/callback'
      ],
    }
  ],
  ...
})

danieljwestman commented 3 years ago

Nice @simov

What framework did/do you use (like Express)?

Does it work well? "Reliable"?

simov commented 3 years ago

I used Express, I think it's ok, but you can go to the examples folder in this repo and pick any of the supported HTTP frameworks. oidc-provider is built on top of Koa, which was a spin-off project from the Express creator back then. Then you have Hapi and Fastify, which seems to be borrowing some ideas from Hapi... so it depends on what you prefer I guess.

aunswjx commented 3 years ago

@simov Can you share the whole working example, please? I've tried to follow the one you showed above, but can't make it work. I'm not sure about the access_url route.

simov commented 3 years ago

@aunsuwijak the rest of the configuration in my case was not relevant to this example. I will try to create a simple working example, but in the meantime, the /auth and /token endpoints are defined in node-oidc-provider, meaning that you only have to configure them in Grant as shown above.

aunswjx commented 3 years ago

Thanks a lot! 😃

simov commented 3 years ago

Here is a working example:

provider.js

var Provider = require('oidc-provider')

var provider = new Provider('http://localhost:4000', {
  clients: [
    {
      client_id: 'foo',
      client_secret: 'bar',
      redirect_uris: [
        'http://localhost:3000/connect/panva/callback'
      ]
    }
  ],
})

var server = provider.listen(4000, () => {
  console.log('http://localhost:4000/.well-known/openid-configuration')
})

client.js

var express = require('express')
var session = require('express-session')
var grant = require('grant').express()

express()
  .use(session({secret: 'grant', saveUninitialized: true, resave: false}))
  .use(grant(require('./config.json')))
  .get('/hello', (req, res) => {
    res.end(JSON.stringify(req.session.grant.response, null, 2))
  })
  .listen(3000)

config.json

{
  "panva": {
    "authorize_url": "http://localhost:4000/auth",
    "access_url": "http://localhost:4000/token",
    "oauth": 2,
    "key": "foo",
    "secret": "bar",
    "scope": [
      "openid"
    ],
    "custom_params": {
      "login_hint": "s"
    },
    "transport": "session",
    "pkce": true,
    "redirect_uri": "http://localhost:3000/connect/panva/callback",
    "callback": "/hello"
  }
}

Test

  1. Start the provider:
     node provider.js
  2. Start the client:
     node client.js
  3. Navigate to http://localhost:3000/connect/panva
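
Editor's note: the two pieces that have to agree in the example above are the endpoint URLs in config.json and the redirect_uri registered with oidc-provider, and the working example switches on pkce and keeps the token response in the session. The snippet below is an added illustration, not code from simov, Grant or node-oidc-provider: it derives the Grant provider entry from the discovery document that provider.js advertises at /.well-known/openid-configuration and refuses configurations a reviewer would bounce (non-TLS endpoints off loopback, a token endpoint outside the issuer, a provider that does not advertise PKCE S256, a missing openid scope, a redirect_uri that is not registered verbatim). The discovery document is constructed inline rather than fetched, and the function names isLoopback, grantProviderFromDiscovery and redirectRegistered are this example's own. state and nonce are documented Grant options that the thread does not use.

```javascript
'use strict'

// Constructed sample input: the fields a discovery document served by the
// provider.js above would carry. Not captured from a real server.
const sampleDiscovery = {
  issuer: 'http://localhost:4000',
  authorization_endpoint: 'http://localhost:4000/auth',
  token_endpoint: 'http://localhost:4000/token',
  jwks_uri: 'http://localhost:4000/jwks',
  code_challenge_methods_supported: ['S256'],
  scopes_supported: ['openid', 'offline_access']
}

// Hypothetical helper (this example's own name): plain http is tolerated only
// for loopback development hosts, because the token response travels over it.
function isLoopback (url) {
  const host = new URL(url).hostname
  return host === 'localhost' || host === '127.0.0.1' || host === '[::1]'
}

// Hypothetical helper: map discovery metadata onto the Grant keys used in this
// thread (authorize_url, access_url, oauth, key, secret, scope, pkce,
// transport, redirect_uri, callback) after checking the metadata.
function grantProviderFromDiscovery (name, doc, { origin, key, secret, scope }) {
  const issuerOrigin = new URL(doc.issuer).origin
  for (const field of ['authorization_endpoint', 'token_endpoint', 'jwks_uri']) {
    const endpoint = doc[field]
    if (!endpoint) throw new Error(`discovery document lacks ${field}`)
    const parsed = new URL(endpoint)
    if (parsed.protocol !== 'https:' && !isLoopback(endpoint)) {
      throw new Error(`${field} ${endpoint} is not served over TLS`)
    }
    // For a self-hosted provider every endpoint sits under the issuer; a
    // token_endpoint on another host would send the client secret elsewhere.
    if (parsed.origin !== issuerOrigin) {
      throw new Error(`${field} ${endpoint} is not under issuer ${doc.issuer}`)
    }
  }
  // pkce: true in Grant only protects the code if the provider accepts S256.
  if (!(doc.code_challenge_methods_supported || []).includes('S256')) {
    throw new Error('provider does not advertise PKCE method S256')
  }
  if (!Array.isArray(scope) || !scope.includes('openid')) {
    throw new Error('OpenID Connect requires the openid scope')
  }
  return {
    [name]: {
      authorize_url: doc.authorization_endpoint,
      access_url: doc.token_endpoint,
      oauth: 2,
      key,
      secret,
      scope,
      pkce: true,
      // Documented Grant options not used in the thread: state ties the
      // callback to the session, nonce ties the id_token to this request.
      state: true,
      nonce: true,
      transport: 'session',
      // Grant's callback route is fixed: /connect/<provider name>/callback
      redirect_uri: `${origin}/connect/${name}/callback`,
      callback: '/hello'
    }
  }
}

// Hypothetical helper: the client registered in oidc-provider must list the
// exact string Grant will send as redirect_uri; no prefix or case tolerance.
function redirectRegistered (providerEntry, registeredRedirectUris) {
  return registeredRedirectUris.includes(providerEntry.redirect_uri)
}

// Stand-alone usage with the values from the thread.
const generatedConfig = grantProviderFromDiscovery('panva', sampleDiscovery, {
  origin: 'http://localhost:3000', key: 'foo', secret: 'bar', scope: ['openid']
})
console.log(JSON.stringify(generatedConfig, null, 2))
console.log('redirect registered:', redirectRegistered(generatedConfig.panva,
  ['http://localhost:3000/connect/panva/callback']))
```

Write the returned object to config.json and the client.js above picks it up unchanged; the thread's hand-written config.json is what this produces for the sample document, plus state and nonce.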