iserv-sso-client
Version:
An inofficial client for IServ Oauth2 / Single-Sign-On / OpenID Connect
82 lines (59 loc) • 2.9 kB
Markdown
# iserv-sso-client
An inofficial client for IServ Oauth2 / Single-Sign-On / OpenID Connect
# How to use
First you'll need to create a IServ SSO Application. This is documented [here](https://doku.iserv.eu/manage/system/sso/)
You should set **Vertrauenswürdig** to **Ja** and choose the scopes **E-Mail, OpenID, Profil, Rollen**
Copy the **Client-ID** and **Client-Geheimnis** you'll need this for your app.
# Example App using Express
```js
const SSOClient = require('iserv-sso-client') // Import SSO Module
const express = require('express') // Web Server
const session = require('express-session') // Needed to store codeVerifier in session
const app = express() // Create Web Server
app.use(session({
secret: 'ENTER RANDOM LETTERS HERE',
resave: false,
saveUninitialized: true
})) // Activate Session
// Create new SSO Client
const ssoClient = new SSOClient({
iserv: 'mein-iserv.de', // It is important to type the url like this without a slash at the end and no https:// in the beginning
clientId: 'YOUR CLIENT ID HERE',
clientSecret: 'YOUR CLIENT SECRET/GEHEIMNIS HERE',
redirectUri: 'http://localhost/openid-granted',
})
async function main() {
await ssoClient.init() // Initialize SSO Client (IMPORTANT: Use await here)
app.get('/', (req, res) => {
res.redirect('/login')
})
app.get('/login', (req, res) => {
const redirector = ssoClient.getRedirector() // Get Redirector
req.session.codeVerifier = redirector.codeVerifier // Store codeVerifier in session
res.redirect(redirector.redirectUri) // Redirect client
})
app.get('/openid-granted', async (req, res) => {
const codeVerifier = req.session.codeVerifier // Get codeVerifier from session
const user = await ssoClient.fetch(req, codeVerifier) // Fetch User (IMPORTANT: Use await here)
if (user === 'ERR') return res.send('An error occured') // If an error occured, return error message (IMPORTANT: If no error handling is implemented, your app will crash)
res.send(`
<h1>Hi, ${user.getUsername()}</h1>
<p>Your email is ${user.getEmail()}</p>
<p>Your roles are ${user.getRoles()}</p>
<p>You'll need to refresh your access token in: ${user.getAccessTokenExpireCountdown()}ms</p>
`) // Send UserData
})
app.listen(80, () => console.log('Listening on port 80'))
}
main()
```
**For this script we use the callback /openid-granted so you need to set** _http://localhost/openid-granted_ **as the Redirect URL in your code and your IServ SSO Application**
**You also need to change the CLIENT ID and CLIENT SECRET**
# Refreshing an access token
In the callback after you've got the User I recommend to use setInterval to request an new access token every 55 Minutes
```js
setInterval(async () => {
await user.refreshAccessToken()
}, 55 * 60 * 1000)
```
[Docs](https://github.com/thevideotrain/iserv-sso-client/wiki/)