Skip to content
This repository has been archived by the owner on Sep 20, 2022. It is now read-only.
/ ova-alpha Public archive

GOV.UK Prototype Kit integrated with GOV.UK Sign In. Uses node-openid-client and Passport.js

License

Notifications You must be signed in to change notification settings

cabinetoffice/ova-alpha

Repository files navigation

Mission 674 Alpha

This is a fork of the GOV.UK Prototype Kit site integrated with GOV.UK Sign In

It requires passport.js and node-openid-client, which is the only node.js library certified for the OpenID Financial-Grade API Spec.

It won't do much unless you register your service with GOV.UK Sign In as a Relying Party. You'll also need to generate keys you can transform into a JWK.

I've done this by generating a public/private keypair and certificate in the normal way (and not the way the Sign In docs recommend, because their method yields headers not understood by rsa-pem-to-jwk. [This might be a n00b problem, and there could easily be a better way to create a JWK]).

openssl genrsa -out private_rsa.pem 2048
openssl req -new -key private_rsa.pem -out csr
# answer annoying questions ...
openssl x509 -in csr -out cert.pem -req -signkey private_rsa.pem -days 365

You'll have a self-signed x509 certificate (cert.pem) and a corresponding private key (private_rsa.pem). You can add these as environment variables (e.g. in .env). But they will need to be base64 encoded so line breaks, etc, don't give you hassle:

echo RSA_PRIVATE_KEY=$(base64 private_rsa.pem) >> .env
echo CERT=$(base64 cert.pem) >> .env

You can now push your application to Gov PaaS or similar.

Any problems, contact [email protected]

About

GOV.UK Prototype Kit integrated with GOV.UK Sign In. Uses node-openid-client and Passport.js

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published