Common code for integrating SPID authentication

npm install @pagopa/io-spid-commons@7.0.0



This repo contains:

  • a passport-strategy that implements SPID authentication
  • a method that configures an express endpoint to serve Service Provider metadata
  • a scheduled procedure that refreshes IDP metadata from the SPID registry
  • a redis cache provider to validate the SAML InResponseTo field

You may use this package if you're going to implement a SPID Service Provider with a NodeJS express server.
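
What validating the SAML InResponseTo field involves, as an added example that is not code from this repo: the Service Provider remembers each AuthnRequest ID it issues and accepts a response only once, while that ID is still pending. The `save`/`get`/`remove` callbacks mirror the contract of passport-saml's `cacheProvider` option; the in-memory `Map` standing in for Redis, the names `PendingRequestCache` and `checkInResponseTo`, and the TTL handling are assumptions.

```javascript
// Added example: in-memory stand-in for a Redis-backed cache (hypothetical names).
// save/get/remove mirror the callback contract of passport-saml's cacheProvider option.
class PendingRequestCache {
  constructor(ttlMs, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now; // injectable clock so expiry can be exercised in tests
    this.entries = new Map(); // AuthnRequest ID -> { value, expiresAt }
  }

  // Called when the AuthnRequest is sent: remember its ID, never overwrite.
  save(key, value, callback) {
    if (this.entries.has(key)) return callback(null, null);
    this.entries.set(key, { value, expiresAt: this.now() + this.ttlMs });
    callback(null, value);
  }

  // Returns the stored value, or null when the ID is unknown or expired.
  get(key, callback) {
    const entry = this.entries.get(key);
    if (entry && entry.expiresAt <= this.now()) this.entries.delete(key);
    callback(null, this.entries.has(key) ? entry.value : null);
  }

  // Reports the key that was removed, or null when nothing was stored.
  remove(key, callback) {
    callback(null, this.entries.delete(key) ? key : null);
  }
}

// Accept a response only when InResponseTo names a pending request, then
// consume the entry so a captured response cannot be replayed.
function checkInResponseTo(cache, inResponseTo, done) {
  if (typeof inResponseTo !== "string" || inResponseTo === "") {
    return done({ ok: false, reason: "missing InResponseTo" });
  }
  cache.get(inResponseTo, (err, value) => {
    // Fail closed: a cache error never lets a response through.
    if (err) return done({ ok: false, reason: "cache error" });
    if (value === null) return done({ ok: false, reason: "unknown or expired request ID" });
    cache.remove(inResponseTo, () => done({ ok: true }));
  });
}
```

With a store shared between several server instances, the lookup and the removal should be a single atomic operation; otherwise two concurrent copies of the same response can both pass the lookup.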

Upgrading passport-saml

Beware that any changes to the method signatures of SAML.prototype.generateAuthorizeRequest and SAML.prototype.validatePostResponse must be reflected inside the CustomSamlClient class.

That's why the version of passport-saml in package.json is currently fixed at 1.3.5.

Local development

To run the project locally with the embedded example express application, run the following commands:

yarn install
yarn build
docker-compose up --build

PS. If a previously cached version of the io-spid-commons docker container is present locally and you get the error Unexpected token < on node_modules/xml-encription/lib/templates/encrypted-key.tpl.xml.js, you need to clean all the old container data with docker system prune --all before running the project again.