This sample SP has been retired. It was used for early prototyping for integrations with login.gov and has not been maintained. It has confirmed vulnerabilities and should not be used for production itegrations.
For maintained examples of integrations with login.gov please refer to:
An example Login.gov client application which authenticates users via OpenID Connect (OIDC). Built with Node.js, Express.js, and Passport.js. Uses the openid-client package, a certified OpenID Relaying Party, to issue authentication requests.
Demo:
Install Node.js (version 8.9.3), perhaps using NVM to do so.
Install nodemon development server globally:
npm install nodemon -gInstall package dependences:
npm installSet the DISCOVERY_URL environment variable to one of the sandbox urls:
https://idp.dev.identitysandbox.govhttps://idp.int.identitysandbox.gov(untested)
Set the DISCOVERY_URL environment variable to http://localhost:3000.
Run a Login.gov (identity-idp) instance locally on port 3000:
cd path/to/identity-idp
bin/rails s -b 127.0.0.1
bundle exec sidekiq --config config/sidekiq.yml
mailcatcher -fNOTE: the
openid-clientpackage attempts to make various authentication requests to127.0.0.1:3000, but when the Login.gov instance is running normally onlocalhost:3000via themake runcommand, theopenid-clientrequests won't be able to find it (producesRequestError: connect ECONNREFUSED 127.0.0.1:3000client errors). So a work-around for this issue is to run the Login.gov instance via the commands listed above. 😃
Run this client application on a local web server:
DEBUG=identity-oidc-expressjs:* npm start # then view localhost:9393 in a browser