Provider

Overview

Use one of the built in providers for the best experience

Authentication Provider Presets

Nuxt OIDC Auth includes presets for the following providers with tested default values:

Provider specific configurations

Some providers have specific additional fields that can be used to extend the authorization, logout or token request. These fields are available via. additionalAuthParameters, additionalLogoutParameters or additionalTokenParameters in the provider configuration.

Tokens will only be validated if the clientId or the optional audience field is part of the access_tokens (or id_token if existent) audiences. Even if validateAccessToken or validateIdToken is set, if the audience doesn't match, the token should not and will not be validated. Some providers like Entra or Zitadel don't or just in certain cases provide a parsable JWT access token. Validation will fail for these and should be disable, even if the audience is set.

The redirectUri property is always required and should always point to the callback uri of the specific provider. For Auth0 it should look like this https://YOURDOMAIN/auth/auth0/callback. The playgrounds nuxt.config.ts has examples for multiple providers.

If there is no preset for your provider, you can add a generic OpenID Connect provider by using the oidc provider key in the configuration. Remember to set the required fields and expect your provider to behave slightly different than defined in the OAuth and OIDC specifications. For security reasons, you should avoid writing the client secret directly in the nuxt.config.ts file. You can use environment variables to inject settings into the runtime config. Check the .env.example file in the playground folder for reference.

Also consider creating an issue to request additional providers being added.

# OIDC MODULE CONFIG
NUXT_OIDC_TOKEN_KEY=
NUXT_OIDC_SESSION_SECRET=
NUXT_OIDC_AUTH_SESSION_SECRET=
# AUTH0 PROVIDER CONFIG
NUXT_OIDC_PROVIDERS_AUTH0_CLIENT_SECRET=
NUXT_OIDC_PROVIDERS_AUTH0_CLIENT_ID=
NUXT_OIDC_PROVIDERS_AUTH0_BASE_URL=
# KEYCLOAK PROVIDER CONFIG
NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET=
NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_ID=
NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL=
...

Providers

Built-in tested and preconfigured providers

Auth0

Auth0 provider documentation

Copyright © 2024