# @resuely/astro-oidc-rp

Astro integration that injects OIDC login/callback/logout routes, a middleware that sets `Astro.locals.user`, and type augmentation.

## Install

```bash
npm install @resuely/astro-oidc-rp
```

## Usage (astro.config.mjs)

```js
import { defineConfig } from "astro/config";
import resuelyOidc from "@resuely/astro-oidc-rp";

export default defineConfig({
  integrations: [
    resuelyOidc({
      issuer: "https://your-idp",
      clientId: "YOUR_CLIENT_ID",
      // Read the signing secret from the environment; never hard-code it.
      cookie: { signingSecret: process.env.OIDC_SIGNING_SECRET },
      // Paths that require a signed-in user.
      protected: ["/app/*", "/me"],
    }),
  ],
});
```

- Injected routes:
  - Login: `/login`
  - Callback: `/oidc/callback`
  - Logout: `/logout`

## Options

- `issuer`: `string` (required)
- `clientId`: `string` (required)
- `scopes?`: `string` (default: `"openid email profile"`)
- `routes?`: `{ login?: string; callback?: string; logout?: string }`
- `redirectUri?`: `{ mode: "infer-from-request" } | { absolute: string }`
- `cookie?`: `{ name?: string; sameSite?: "Lax"|"Strict"|"None"; secure?: boolean; domain?: string; path?: string; signingSecret: string; maxAgeSec?: number }`
- `protected?`: `string[]` patterns

## Types: Astro.locals

Enable type augmentation by referencing the package export:

- Add to your `tsconfig.json`: `{ "compilerOptions": { "types": ["@resuely/astro-oidc-rp/astro-locals"] } }`

Then `locals.user` is typed as `{ sub: string; email?: string } | null | undefined`.

## Security notes

- Always provide a strong `cookie.signingSecret`.
- In production, cookies are `Secure` by default.
- The init cookie used during login is short-lived (5 minutes) and is set with `HttpOnly` and `SameSite=Lax`.

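A pre-flight check for the options and security notes above, as an added example that is not part of this package: `lintOidcOptions`, its messages and both thresholds are hypothetical choices for illustration. It flags a missing or weak `cookie.signingSecret`, conflicting cookie flags, and non-HTTPS issuer or redirect URLs.

```javascript
// Added example, not part of @resuely/astro-oidc-rp. lintOidcOptions and both
// thresholds below are hypothetical choices made for this illustration.
const MIN_SECRET_CHARS = 32;
const MIN_ENTROPY_BITS = 100;

// Shannon estimate: bits per character (from character frequencies) x length.
function estimateEntropyBits(secret) {
  const chars = [...secret];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bitsPerChar = 0;
  for (const c of counts.values()) {
    bitsPerChar -= (c / chars.length) * Math.log2(c / chars.length);
  }
  return bitsPerChar * chars.length;
}

function isHttps(value) {
  try { return new URL(value).protocol === "https:"; } catch { return false; }
}

// Returns a list of findings; an empty list means nothing was flagged.
function lintOidcOptions(opts, { production = true } = {}) {
  const findings = [];
  const cookie = opts.cookie || {};
  const secret = cookie.signingSecret;
  if (typeof secret !== "string" || secret.length === 0) {
    findings.push("cookie.signingSecret is missing (is the env variable set?)");
  } else if (secret.length < MIN_SECRET_CHARS || estimateEntropyBits(secret) < MIN_ENTROPY_BITS) {
    findings.push("cookie.signingSecret is too short or too repetitive");
  }
  if (cookie.secure === false && production) {
    findings.push("cookie.secure is false in a production config");
  }
  if (cookie.sameSite === "None" && cookie.secure === false) {
    findings.push("SameSite=None cookies are rejected by browsers unless Secure");
  }
  if (production && !isHttps(opts.issuer)) findings.push("issuer must be an https URL");
  const abs = opts.redirectUri && opts.redirectUri.absolute;
  if (production && abs !== undefined && !isHttps(abs)) {
    findings.push("redirectUri.absolute should be an https URL");
  }
  return findings;
}

// Constructed sample: the secret is unset and the cookie flags conflict.
const sample = { issuer: "https://your-idp", clientId: "YOUR_CLIENT_ID",
  cookie: { signingSecret: undefined, sameSite: "None", secure: false } };
console.log(lintOidcOptions(sample));
```

Run it in CI or before calling `resuelyOidc(...)`, and fail the build when the returned list is not empty.
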
## Build & Publish

- Build: `npm run build`
- Publish to npm: `npm publish --access public`

## License

MIT