Search code examples

How do I mount an node-oidc-provider against a mountPath using ExpressJS?

I am using the node-oidc-provider (v6.29.3) library to build a simple OIDC Connect mock-service and am having issues trying to mount the provider against a specific mountPath. It all works fine if mounted against / but trying to mount against /oidc is not working as the internals of the node-oidc-provider ignore the mountPath.

My setup is roughly like this:

const path = require('path')
const express = require('express')
const { Provider } = require('oidc-provider')

const configuration = require('src/utils/oidc')
const Account = require('src/account')

configuration.findAccount = Account.findAccount
const app = express()

app.set('views', path.join(__dirname, '..', 'views'))
app.set('view engine', 'ejs')

const mountPath = '/oidc'
const issuer = 'http://localhost:3000' + mountPath

const provider = new Provider(issuer, configuration)
app.use(mountPath, provider.callback)

app.listen(3000).then(() => {

I am able to connect to http://localhost:3000/oidc/.well-known/openid-configuration and receive

  "id_token_signing_alg_values_supported":["HS256", "PS256", "RS256", "ES256"],
  "response_types_supported":["code id_token","code","id_token","none"],
  "token_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "request_object_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "introspection_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],
  "revocation_endpoint_auth_signing_alg_values_supported":["HS256", "RS256", "PS256", "ES256", "EdDSA"],

Using a simple test all I log in and my logs show (correctly)

GET /oidc/auth

but then, internally, it redirects to:

GET /interaction/znBzRfhyoBTCg1cFcLult

I need the internal redirect to go to

GET /oidc/interaction/znBzRfhyoBTCg1cFcLult

How do I tell the OIDC Provider to redirect via the given mountPath instead of /?


  • You will have to configure the interactions.url helper. See documentation for more details.

    Later on you will have to build your own end-user interactions and with it you will have to configure this helper anyway.