angular-spa-sample
pyoidc
angular-spa-sample | pyoidc | |
---|---|---|
2 | 1 | |
28 | 699 | |
- | 0.9% | |
4.0 | 6.3 | |
2 months ago | 22 days ago | |
TypeScript | Python | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
angular-spa-sample
-
Keycloak: Open-Source Identity and Access Management
There is a document meant for best practices for browser-based apps such as SPA/PWA, which includes use of code flow.
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-brows...
(disclaimer - co-author)
The catch is that since the client web origin and AS web origin are often different sites, the AS has to actually implement CORS on their token endpoint.
Some implementations unfortunately (perhaps due to a misunderstanding about what CORS is meant to accomplish) make this a per-tenant/per-installation allowlist of origins on the AS.
Auth0 and Ping Identity (my employer) document CORS settings for products. I'm not sure about AWS and you might need to add CORS via API gateway. Azure AD supports CORS for the token endpoint, but they may limit domains in some manner (such as redirect uri of registered clients).
FWIW, I created a demo ages ago (at https://github.com/pingidentity/angular-spa-sample), which by default is configured to target Google for OpenID Connect and uses localhost for local development/testing. It hasn't aged particularly well in terms of library choices, but I do keep it running.
A deployment based on older Angular is also at https://angular-appauth.herokuapp.com to try - IIRC I used a node server just to deal with wildcard path resolution of the index file, but there's otherwise no local logic.
-
question on how to build a login system
oh well you alrady have a provider then! here is the boilerplate to integrate with ping https://github.com/pingidentity/angular-spa-sample
pyoidc
-
Keycloak: Open-Source Identity and Access Management
I really like https://tools.ietf.org/html/draft-ietf-oauth-security-topics with it's evergreen approach and looking forward to oauth2.1 to sum up the current best practices.
Depending on your use case I have good experience with https://github.com/zmartzone/mod_auth_openidc and https://github.com/panva/node-oidc-provider.
https://github.com/OpenIDC/pyoidc also might be a good choice as security researchers in that area did take a look in it...
What are some alternatives?
pingone-node-sdk - PingOne Node SDK
keycloak-ui - keycloak-ui repo is moved.
nestjs-api-boilerplate - Nestjs API Boilerplate 😍 💪 🔥 : Typescript, Postgresql, TypeORM, Swagger for Api documentation, Passport-JWT authentication, Jest, Env configuration, Migrations, Seeds, Docker, Redis, AWS S3, and best application architecture.
keycloak-demo
fusionauth-localization - FusionAuth translations
Keywhiz - A system for distributing and managing secrets
a12n-server - An open source lightweight OAuth2 server
spring-authorization-server - Spring Authorization Server
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
OpenID - OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x