Introduction
Welcome to Nuxt OIDC Auth, a Nuxt module focusing on native OIDC (OpenID Connect) based authentication for Nuxt with a high level of customizability and security for SSR applications.
This module doesn't use any external dependencies outside of the unjs ecosystem except for token validation (the well known and tested jose
library for JWT interactions).
This module's session implementation is based on nuxt-auth-utils.
Nuxt OIDC Auth Features
🔒 Secure
- Session expiration check based on token expiration
- Automatic session renewal based on token expiration and refresh tokens
- Secured & sealed cookies sessions
- Access and ID token cryptographic validation (if supported by provider)
- Encrypted server side refresh/access token storage powered Nitro storage layer
⚙️ Nuxt integrated
- Global middleware with automatic redirection to default provider or custom login page
useOidcAuth
composable for getting the user information, logging in and out, refetching the current session and triggering a token refresh- Server side session and middleware integration
📝 Compatible
- Generic spec compatible OpenID connect provider with fully configurable OIDC flow (state, nonce, PKCE, token request, ...)
- Presets for popular OIDC providers
- Multi provider support with auto registered routes (
/auth/<provider>/login
,/auth/<provider>/logout
,/auth/<provider>/callback
)
Recent breaking changes
Since 0.16.0, the data from the providers userInfo endpoint is written into userInfo
on the user object instead of providerInfo
.
Please adjust your nuxt.config.ts
and .env/environment files and configurations accordingly.
If you are using the user object from the useOidcAuth
composable change the access to providerInfo
to userInfo
.
Disclaimer
OpenID Connect
This project and its authors are not affiliated with, endorsed by, or in any way officially connected with the OpenID Foundation (OIDF) or any of its subsidiaries or affiliates. Any references to OpenID or the OpenID Foundation are purely for descriptive purposes, and the use of their name does not imply any form of association or endorsement.
Furthermore, the logo and branding used in this project are the property of the authors and are not derived from or related to any logos or trademarks of the OpenID Foundation. All rights to the project logo are owned exclusively by the authors.
Status
This module is still in development, feedback and contributions are welcome! Use at your own risk.