# spa

An example OIDC SPA (single page application) that supports both the authorization
code (with optional PKCE) and implicit OIDC flows.

<hr>

## Running the example app
```
go build
```
Without any flags, the app will use the authorization code flow.
```
./spa
```

With the `-pkce` flag, the app will use the authorization code with PKCE flow.
```
./spa -pkce
```

With the `-implicit` flag, the app will use the implicit flow.
```
./spa -implicit
```

With the `-max-age` flag, the app will require an authentication not older than
the max-age specified in seconds.
```
./spa -max-age <seconds>
```
### Required environment variables

* OIDC_CLIENT_ID: Your Relying Party client id.
* OIDC_CLIENT_SECRET: Your Relying Party secret (this is not required for implicit
  flows or authorization code with PKCE flows)
* OIDC_ISSUER: The OIDC issuer identifier (aka the discovery URL)
* OIDC_PORT: The port you'd like to use for your callback HTTP listener.

<hr>

### OIDC Provider

You must configure your provider's allowed callbacks to include:
`http://localhost:{OIDC_PORT}/callback` (where `{OIDC_PORT}` is the value of
the `OIDC_PORT` environment variable).

For example, if you set `OIDC_PORT` equal to
`3000` then you must configure your provider to allow callbacks to: `http://localhost:3000/callback`

<hr>

### OIDC Provider PKCE support
Many providers require you to explicitly enable the authorization code with
PKCE flow. Auth0, for example, requires you to set your application type to Native or
Single Page Application if you wish to use PKCE.
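As an added illustration (not code from this example app or from the cap library), the standard-library sketch below shows how the authorization request differs between the three flows selected by the flags above, and how a max-age value becomes the OIDC `max_age` request parameter. The function names, the sample endpoint and client id, and the use of `id_token` as the implicit response type are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
)

// S256Challenge derives the PKCE code_challenge from a code_verifier (RFC 7636, section 4.2).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// randomToken returns 32 CSPRNG bytes as base64url: 43 chars, a valid code_verifier length.
func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // there is no safe fallback when the system CSPRNG fails
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// BuildAuthURL builds the request for flow "code", "pkce" or "implicit"; maxAge < 0 omits max_age.
func BuildAuthURL(authEndpoint, clientID, port, flow string, maxAge int) (authURL, verifier string, err error) {
	q := url.Values{"client_id": {clientID}, "scope": {"openid"}, "response_type": {"code"}}
	q.Set("redirect_uri", "http://localhost:"+port+"/callback") // must be on the provider's allow list
	q.Set("state", randomToken())                               // compared with the state sent back to /callback
	q.Set("nonce", randomToken())                               // compared with the nonce claim in the ID token
	if maxAge >= 0 {
		q.Set("max_age", fmt.Sprint(maxAge)) // provider must re-authenticate if the login is older
	}
	switch flow {
	case "code": // the client later authenticates at the token endpoint with its secret
	case "pkce":
		verifier = randomToken() // kept by the client, sent only in the token request
		q.Set("code_challenge", S256Challenge(verifier))
		q.Set("code_challenge_method", "S256")
	case "implicit":
		q.Set("response_type", "id_token") // assumption: ID token only, no access token
	default:
		return "", "", fmt.Errorf("unknown flow %q", flow)
	}
	// Assumes authEndpoint carries no query string of its own.
	return authEndpoint + "?" + q.Encode(), verifier, nil
}

func main() { fmt.Println(BuildAuthURL("https://idp.example/authorize", "my-client", "3000", "pkce", 300)) }
```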