astro-oidc-rp/README.md
2026-01-22 12:31:05 +01:00

@resuely/astro-oidc-rp

Astro integration that injects OIDC login/callback/logout routes, a middleware that sets Astro.locals.user, and type augmentation.

Install

npm install @resuely/astro-oidc-rp

Usage (astro.config.mjs)

import { defineConfig } from "astro/config";
import resuelyOidc from "@resuely/astro-oidc-rp";

export default defineConfig({
  integrations: [
    resuelyOidc({
      issuer: "https://your-idp",
      clientId: "YOUR_CLIENT_ID",
      // Read the cookie signing secret from the environment; do not hard-code it.
      cookie: { signingSecret: process.env.OIDC_SIGNING_SECRET },
      protected: ["/app/*", "/me"],
    }),
  ],
});

  • Injected routes:
    • Login: /login
    • Callback: /oidc/callback
    • Logout: /logout

Options

  • issuer: string (required)
  • clientId: string (required)
  • scopes?: string (default: "openid email profile")
  • routes?: { login?: string; callback?: string; logout?: string }
  • redirectUri?: { mode: "infer-from-request" } | { absolute: string }
  • cookie?: { name?: string; sameSite?: "Lax"|"Strict"|"None"; secure?: boolean; domain?: string; path?: string; signingSecret: string; maxAgeSec?: number }
  • protected?: string[] patterns

Types: Astro.locals

Enable type augmentation by referencing the package export:

  • Add to your tsconfig.json: { "compilerOptions": { "types": ["@resuely/astro-oidc-rp/astro-locals"] } }

Then locals.user is typed as { sub: string; email?: string } | null | undefined.

Security notes

  • Always provide a strong cookie.signingSecret.
  • In production, cookies are Secure by default.
  • The init cookie used during login is short-lived (5 minutes) and set HttpOnly + SameSite=Lax.
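
One way to enforce the first note at startup, as an added example that is not part of the package: reject a missing or weak OIDC_SIGNING_SECRET before it reaches the integration. The helper names (assessSigningSecret, oidcCookieOptions), the 32-byte and 10-character thresholds, and the placeholder word list are assumptions of this example; the cookie option names are the ones listed under Options.

```javascript
// Added example, not package code. The thresholds below are assumptions.
const MIN_SECRET_BYTES = 32;   // assumed floor for a signing key
const MIN_DISTINCT_CHARS = 10; // assumed floor; catches "aaaa..." style values

// Returns a list of problems; an empty list means the secret is acceptable.
function assessSigningSecret(secret) {
  if (typeof secret !== "string" || secret.length === 0) return ["is not set"];
  const problems = [];
  if (secret !== secret.trim()) problems.push("has leading or trailing whitespace");
  const bytes = new TextEncoder().encode(secret).length;
  if (bytes < MIN_SECRET_BYTES) {
    problems.push(`is ${bytes} bytes, need at least ${MIN_SECRET_BYTES}`);
  }
  const distinct = new Set(secret).size;
  if (distinct < MIN_DISTINCT_CHARS) {
    problems.push(`has only ${distinct} distinct characters`);
  }
  if (/secret|password|changeme|example/i.test(secret)) {
    problems.push("looks like a placeholder");
  }
  return problems;
}

// Builds the `cookie` option for resuelyOidc(), throwing instead of starting
// with a weak secret. Use as: cookie: oidcCookieOptions(process.env)
function oidcCookieOptions(env) {
  const problems = assessSigningSecret(env.OIDC_SIGNING_SECRET);
  if (problems.length > 0) {
    throw new Error("OIDC_SIGNING_SECRET " + problems.join("; "));
  }
  return { signingSecret: env.OIDC_SIGNING_SECRET, sameSite: "Lax", secure: true };
}

// Constructed sample values for illustration only; never reuse them.
const SAMPLE_WEAK = "changeme";
const SAMPLE_STRONG = "q7Jd0vXw2mB9sT4hKz8PnE1cRf6LyU3a";
console.log(assessSigningSecret(SAMPLE_WEAK));   // three problems reported
console.log(assessSigningSecret(SAMPLE_STRONG)); // no problems reported
```

A value produced by a CSPRNG, for example with openssl rand -base64 48, passes these checks.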

Build & Publish

  • Build: npm run build
  • Publish to npm: npm publish --access public

License

MIT