ndi-login

Helper library for using Singapore NDI Singpass/Corpass login.

Install via NPM

npm install ndi-login

Import

import { NdiLogin } from 'ndi-login';

const { NdiLogin } = require('ndi-login');

Create instance

const ndiLogin = new NdiLogin({
  issuer: 'https://stg-id.singpass.gov.sg',
  clientId: 'YOUR_CLIENT_ID',
  clientAssertionJwk: {
    // JWK for signing/verifying client assertion in JSON format
  },
  idTokenJwk: {
    // JWK for encrypting/decrypting ID token in JSON format
  },
});

Generate authorization URI

const uri = await ndiLogin.generateAuthorizationUri({ redirectUri, codeChallenge, state, nonce })

Backchannel authentication

const clientAssertion = await ndiLogin.generateClientAssertion();
const { authReqId } = await ndiLogin.backchannelAuthenticate({ clientAssertion, uin })

Exchange for tokens with authorization code

const clientAssertion = await ndiLogin.generateClientAssertion();
const { idToken } = await ndiLogin.getTokens({ clientAssertion, code, redirectUri, codeVerifier });
const { sub } = await ndiLogin.getIdTokenClaims(idToken);
const { uin } = NdiLogin.parseIdTokenSub(sub);

Exchange for tokens with backchannel authentication request ID

const clientAssertion = await ndiLogin.generateClientAssertion();
const { idToken } = await ndiLogin.getTokens({ clientAssertion, authReqId });
const { sub } = await ndiLogin.getIdTokenClaims(idToken);
const { uin } = NdiLogin.parseIdTokenSub(sub);

Get your (relying party) JWKS to expose to NDI

const jwks = await ndiLogin.getRpJwks();

Utility method to generate a new pair of JWK for you (relying party)

const { clientAssertionJwk, idTokenJwk } = await NdiLogin.generateRpJwks();

Utility methods for PKCE

const codeVerifier = NdiLogin.generateCodeVerifier();
const codeChallenge = NdiLogin.generateCodeChallege(codeVerifier);

Utility methods for random values

const state = NdiLogin.generateState();
const nonce = NdiLogin.generateNonce();

ahzhezhe / ndi-login

ndi-login

Install via NPM

Import

Create instance

Generate authorization URI

Backchannel authentication

Exchange for tokens with authorization code

Exchange for tokens with backchannel authentication request ID

Get your (relying party) JWKS to expose to NDI

Utility method to generate a new pair of JWK for you (relying party)

Utility methods for PKCE

Utility methods for random values

About

Languages