@pagopa/io-spid-commons
Version:
Common code for integrating SPID authentication
87 lines (64 loc) • 3.08 kB
Markdown
# io-spid-commons
This repo contains:
- a passport-strategy that implements [SPID](https://www.spid.gov.it)
authentication
- a method that configures an express endpoint to serve Service Provider
metadata
- a scheduled procedure that refreshes IDP metadata from the [SPID
registry](https://registry.spid.gov.it)
- a redis cache provider to validate SAML InResponseTo field
You may use this package if you're going to implement a SPID Service Provider
with a NodeJS [express server](https://expressjs.com).
## Upgrading passport-saml
Beware that any changes to the method signatures of
`SAML.prototype.generateAuthorizeRequest` and
`SAML.prototype.validatePostResponse` must be reflected inside the
[`CustomSamlClient`](./strategy/saml_client.ts) class.
That's why the version of passport-saml in package.json is currently fixed at
`1.3.5`.
## Store Additional data between login and acs steps
If you need to pass additional parameters from login request to acs callback,
you can use built-in additional parameter management, by adding a new `extraLoginRequestParamConfig` block in configuration:
```typescript
export type ExtraParamsT = t.TypeOf<typeof ExtraParams>;
export const ExtraParams = t.type({ test: t.string });
const appConfig: IApplicationConfig<ExtraParamsT> = {
extraLoginRequestParamConfig: {
codec: ExtraParams,
requestMapper: (req) =>
ExtraParams.decode({
loginType: req.header("x-test-header"),
})
},
assertionConsumerServicePath: "/acs",
clientErrorRedirectionUrl: "/error",
clientLoginRedirectionUrl: "/success",
loginPath: "/login",
metadataPath: "/metadata",
sloPath: "/logout",
spidLevelsWhitelist: ["SpidL2", "SpidL3"],
};
```
The acs callback will receive a second parameter, containing the information extracted during login step for the user:
```typescript
const acs: AssertionConsumerServiceT<ExtraParamsT> = async (
payload,
extraParams
// ^^^
// ExtraParamsT | undefined
) => {
logger.info("acs:%s%s", JSON.stringify(payload), JSON.stringify(extraParams));
return ResponsePermanentRedirect({ href: "/success?acs" } as ValidUrl);
};
```
NOTE: If the mapper or the coded return a validation error, `extraParams` will be undefined.
NOTE 2: It's better to define the codec with defaults and/or partial properties, to avoid undefined values during deploy phase
(ie: Data stored before the deploy that cannot be decoded with new codec because of lack of required properties)
## Local development
To run the project locally with the embedded example express application run the following commands:
```sh
yarn install
yarn build
docker-compose up --build
```
PS. If was present locally a previously cached version of `io-spid-commons` docker container and you get the error `Unexpected token <` on `node_modules/xml-encription/lib/templates/encrypted-key.tpl.xml.js`, is needed to clean all the old containers datas with `docker system prune --all` before running the project again.