This repository contains a NestJS server configured as an OpenID Connect service provider. The server has authentication and logout endpoints and recognizes returning users in compliance with the OpenID Connect standard.
Once the server is running, you can access the client in your browser by navigating to https://fs.tpommellet.docker.dev-franceconnect.fr
Once authenticated, you can access protected resources by navigating to https://fs.tpommellet.docker.dev-franceconnect.fr/protected
To focus on core functionalities, the following design decisions and simplifications have been made:
- Client Interface: The client is served statically by the NestJS server, leading to the FranceConnect authentication response being directed to a server endpoint. This necessitates handling state and nonce internally within the authentication service due to cross-domain cookie access restrictions. Optimally, a client-side redirect would enable secure storage and retrieval of these values via cookies.
- User Database: The current user database is represented as a simple list within the user service. This basic setup does not perform checks for existing users before new user creation nor does it update local user information with data received from FranceConnect. A more robust implementation would involve persistent storage and mechanisms to check and synchronize user data.
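The server-side handling of state and nonce described under Client Interface can be sketched as follows. This is an added example, not code from this repository: PendingAuthStore and its methods are hypothetical names, and it assumes the ID token signature has already been verified before the nonce claim is compared.

```typescript
import { randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical in-memory store; not the repository's authentication service.
interface PendingAuth {
  nonce: string;
  expiresAt: number;
}

class PendingAuthStore {
  private readonly pending = new Map<string, PendingAuth>();
  private readonly ttlMs: number;

  constructor(ttlMs: number = 5 * 60_000) {
    this.ttlMs = ttlMs;
  }

  // Called before redirecting to the authorization endpoint: both values are
  // unpredictable, and the nonce is remembered under the state it travels with.
  begin(now: number = Date.now()): { state: string; nonce: string } {
    const state = randomBytes(32).toString("base64url");
    const nonce = randomBytes(32).toString("base64url");
    this.pending.set(state, { nonce, expiresAt: now + this.ttlMs });
    return { state, nonce };
  }

  // Called from the login callback with the returned state and the nonce
  // claim taken from the (already signature-verified) ID token.
  complete(state: string, idTokenNonce: string, now: number = Date.now()): boolean {
    const entry = this.pending.get(state);
    if (!entry) return false; // unknown state, or a replay of a used one
    this.pending.delete(state); // single use, even when a later check fails
    if (now > entry.expiresAt) return false; // stale authorization request
    const expected = Buffer.from(entry.nonce);
    const received = Buffer.from(idTokenNonce);
    return expected.length === received.length && timingSafeEqual(expected, received);
  }
}
```

Because the store is keyed only by state, it does not tie the callback to the browser that started the login; that binding is what the cookie-based approach mentioned above would add.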
Create a .env file in the root of the project with the following keys and values.
NB: replace CLIENT_SECRET with the client secret I've received by SMS
# .env file
JWT_SECRET='tanguypommellet'
PROTECTED_ENDPOINT='https://fs.tpommellet.docker.dev-franceconnect.fr/protected'
FC_CONFIG_URL='https://fcp-low.integ01.dev-franceconnect.fr/api/v2/.well-known/openid-configuration'
LOGIN_REDIRECT_URI='https://fs.tpommellet.docker.dev-franceconnect.fr/api/login-callback'
POST_LOGOUT_REDIRECT_URI='https://fs.tpommellet.docker.dev-franceconnect.fr/api/logout-callback'
CLIENT_ID='51c101172767dfe77fcfa3a67f8b0e6039fbd5c14442ef8e175e21de94dccb2c'
CLIENT_SECRET=
Before running the application, ensure you have the following prerequisites installed:
- Docker (Follow the Docker installation guide here: https://docs.docker.com/get-docker/)
Build the Docker image by running:
$ docker build -t franceconnect-app .
To run the app in a Docker container, execute:
$ docker run -p 443:443 franceconnect-app
Run your tests with the following commands:
# unit tests
$ docker exec <container_id> npm run test
# end to end tests
$ docker exec <container_id> npm run test:e2e
# test coverage
$ docker exec <container_id> npm run test:cov
Before running the application, ensure you have the following prerequisites installed:
- Node.js version 18.13
- mkcert to run this application with HTTPS locally.
This application is configured to run over HTTPS locally. To set up SSL for local development, follow these steps:
- Install mkcert (follow the installation instructions for mkcert here: https://github.com/FiloSottile/mkcert)
- Run mkcert -install to set up a local CA.
- Navigate to this project directory and create a certs directory if it doesn't exist:
$ mkdir -p certs && cd certs
- Generate SSL certificates for your local development domain:
$ mkcert fs.tpommellet.docker.dev-franceconnect.fr
This will generate two files: fs.tpommellet.docker.dev-franceconnect.fr.pem and fs.tpommellet.docker.dev-franceconnect.fr-key.pem. Ensure these files are located in the ./certs directory within the project.
Install all dependencies by running:
$ npm install
To run the app locally with HTTPS:
# development mode
$ npm run start
# watch mode
$ npm run start:dev
By default, the application will start on port 443. Ensure this port is available or change the port in your environment configuration.
Run your tests with the following commands:
# unit tests
$ npm run test
# end to end tests
$ npm run test:e2e
# test coverage
$ npm run test:cov
Nest is MIT licensed.