JSPM

verdaccio-openid-atabix

0.9.0
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 1
  • Score
    100M100P100Q10821F
  • License MIT

A UI for OIDC authentication for Verdaccio, a fork of verdaccio-openid without some errors.

Package Exports

  • verdaccio-openid-atabix
  • verdaccio-openid-atabix/dist/server/index.js
  • verdaccio-openid-atabix/dist/server/index.mjs

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (verdaccio-openid-atabix) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

verdaccio-openid

npm npm npm

About

This is a fork of a Verdaccio plugin that offers OIDC OAuth integration for both the browser and the command line.

This package differs from the verdaccio-openid package in that it doesn't throw an error when the oidc endpoint doesn't provide a roles claim.

Compatibility

  • Verdaccio 5, 6
  • Node 16, 18
  • Chrome, Firefox, Firefox ESR, Edge, Safari

Setup

Install

  1. Install globally
npm install -S verdaccio-openid
  1. Install to Verdaccio plugins folder

npm >= 7

mkdir -p ./install-here/
npm install --global-style \
  --bin-links=false --save=false --package-lock=false \
  --omit=dev --omit=optional --omit=peer \
  --prefix ./install-here/ \
  verdaccio-openid@latest
mv ./install-here/node_modules/verdaccio-openid/ /path/to/verdaccio/plugins/

Verdaccio Config

Merge the below options with your existing Verdaccio config:

middlewares:
  openid:
    enabled: true

auth:
  openid:
    provider-host: https://example.com # required, the host of oidc provider
    # configuration-uri: https://example.com/.well-known/openid-configuration # optional
    # issuer: https://example.com # optional, jwt issuer, use 'provider-host' when empty
    # authorization-endpoint: https://example.com/oauth/authorize # optional
    # token-endpoint: https://example.com/oauth/token # optional
    # userinfo-endpoint: https://example.com/oauth/userinfo # optional
    # jwks-uri: https://example.com/oauth/jwks # optional
    # scope: openid email groups # optional. custom scope, default is openid
    client-id: CLIENT_ID # optional, you can set it with environment variable 'VERDACCIO_OPENID_CLIENT_ID'
    client-secret: CLIENT_SECRET # optional, you can set it with environment variable 'VERDACCIO_OPENID_CLIENT_SECRET'
    username-claim: name # optional. username claim in openid, or key to get username in userinfo endpoint response, default is sub
    groups-claim: groups # optional. claim to get groups from
    # provider-type: gitlab # optional. define this to get groups from gitlab api
    # authorized-groups: # optional. user in array is allowed to login. use true to ensure user have at least one group, false means no groups check
    #  - access
    # group-users: # optional. custom the group users. eg. animal group has user tom and jack. if set, 'groups-claim' and 'provider-type' take no effect
    #   animal:
    #     - tom
    #     - jack

Now you can use the openid-connect auth in the webUI.

Environment Variables

Name Description
VERDACCIO_OPENID_CLIENT_ID OIDC client ID
VERDACCIO_OPENID_CLIENT_SECRET OIDC client secret

Token Expiration

To set the token expiration time, follow the instructions in the Verdaccio docs.

security:
  api:
    jwt:
      sign:
        expiresIn: 7d # npm token expiration
  web:
    sign:
      expiresIn: 7d # webUI token expiration

OpenID Callback URL

Auth with CLI

npx verdaccio-openid@latest --registry http://your-registry.com