resuely/astro-oidc-rp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3 Commits 1 Branch 2 Tags
4abf69844ad86c8890bd0d31abeb2b80bc0ffd52
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Raul Lugo 4abf69844a fix: unclosed string in package json
2026-01-22 12:47:17 +01:00
src
first commit
2026-01-22 12:31:05 +01:00
types
first commit
2026-01-22 12:31:05 +01:00
.gitignore
first commit
2026-01-22 12:31:05 +01:00
LICENSE
first commit
2026-01-22 12:31:05 +01:00
package-lock.json
first commit
2026-01-22 12:31:05 +01:00
package.json
fix: unclosed string in package json
2026-01-22 12:47:17 +01:00
README.md
first commit
2026-01-22 12:31:05 +01:00
tsconfig.json
first commit
2026-01-22 12:31:05 +01:00

README.md

@resuely/astro-oidc-rp

Astro integration that injects OIDC login/callback/logout routes, a middleware that sets Astro.locals.user, and type augmentation.

Install

npm install @resuely/astro-oidc-rp

Usage (astro.config.mjs)

import { defineConfig } from "astro/config"; import resuelyOidc from "@resuely/astro-oidc-rp";

export default defineConfig({ integrations: [ resuelyOidc({ issuer: "https://your-idp", clientId: "YOUR_CLIENT_ID", cookie: { signingSecret: process.env.OIDC_SIGNING_SECRET! }, protected: ["/app/*", "/me"], }), ], });

  • Injected routes:
    • Login: /login
    • Callback: /oidc/callback
    • Logout: /logout

Options

  • issuer: string (required)
  • clientId: string (required)
  • scopes?: string (default: "openid email profile")
  • routes?: { login?: string; callback?: string; logout?: string }
  • redirectUri?: { mode: "infer-from-request" } | { absolute: string }
  • cookie?: { name?: string; sameSite?: "Lax"|"Strict"|"None"; secure?: boolean; domain?: string; path?: string; signingSecret: string; maxAgeSec?: number }
  • protected?: string[] patterns

Types: Astro.locals

Enable type augmentation by referencing the package export:

  • Add to your tsconfig.json: { "compilerOptions": { "types": ["@resuely/astro-oidc-rp/astro-locals"] } }

Then locals.user is typed as { sub: string; email?: string } | null | undefined.

Security notes

  • Always provide a strong cookie.signingSecret.
  • In production, cookies are Secure by default.
  • The init cookie used during login is short-lived (5 minutes) and set HttpOnly + SameSite=Lax.

Build & Publish

  • Build: npm run build
  • Publish to npm: npm publish --access public

License

MIT

Description
No description provided
Readme MIT 322 KiB
Languages
TypeScript 100%