- Adds the ability to sign in with your own OIDC provider
- Adds a sign-in button to the login page
- Supports sign-in and, optionally, creating the user if none is found
# Install with one package manager (npm or yarn), not both.
# The plugin sits in the sign-in path, so commit the lockfile to keep the installed version pinned and reviewable.
npm install payload-plugin-oidc
# or
yarn add payload-plugin-oidc
// payload.config.ts
import { oidcPlugin } from 'payload-plugin-oidc';
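// NOTE(review): buildConfig, Users, SignInButton and axios are used below, but
// their imports are not shown in this snippet; the real file needs them.
export default buildConfig({
  serverURL: process.env.SERVER_URL,
  collections: [Users],
  plugins: [
    oidcPlugin({
      clientID: process.env.OIDC_CLIENT_ID,
      // Keep the client secret in the server environment only; never commit it.
      clientSecret: process.env.OIDC_CLIENT_SECRET,
      authorizationURL: `${process.env.OIDC_URI}/oidc/auth`,
      tokenURL: `${process.env.OIDC_URI}/oidc/token`,
      initPath: '/oidc/signin',
      callbackPath: '/oidc/callback',
      // Should be the exact redirect URI registered with the provider, and its
      // path should agree with callbackPath above.
      callbackURL: `${process.env.SELF_URL}/oidc/callback`,
      // Request only the scopes the app uses; offline_access asks the provider
      // for a refresh token.
      scope: 'openid offline_access profile email custom_data',
      components: {
        Button: SignInButton, // can be your own custom component
        position: 'beforeLogin', // beforeLogin | afterLogin
      },
      userCollection: {
        slug: Users.slug,
        // The value returned under `email` by userinfo() is presumably what the
        // plugin uses to find the local user, so it is the account-linking key.
        searchKey: 'email',
      },
      // With this enabled, any identity the provider accepts may get a local
      // account. NOTE(review): confirm the provider restricts who can sign in.
      createUserIfNotFound: true,
      /**
       * Fetches the signed-in user's profile from the provider and maps it to
       * the fields handed back to the plugin.
       *
       * @param accessToken - access token obtained from the provider
       * @returns the sub, name, email and role for this user
       * @throws when the request fails, when the profile lacks `sub` or
       *   `email`, or when the provider marks the email as unverified
       */
      async userinfo(accessToken) {
        const { data: user } = await axios.get(`${process.env.OIDC_URI}/oidc/me`, {
          headers: {
            Authorization: `Bearer ${accessToken}`,
          },
        });

        // Without these two fields there is nothing reliable to link on.
        // axios.get already rejects on a failed request, so rejecting here
        // adds no new failure mode for the caller.
        if (!user?.sub || !user?.email) {
          throw new Error('OIDC userinfo response is missing sub or email');
        }

        // email is the lookup key (searchKey above). An address the provider
        // explicitly reports as unverified must not be matched to, or create,
        // a local account. Providers that omit the claim are still accepted.
        if (user.email_verified === false) {
          throw new Error('OIDC provider reports this email address as unverified');
        }

        return {
          sub: user.sub,
          name: user.name,
          email: user.email,
          // You can use OIDC user custom data to get the role for this app.
          // NOTE(review): this value is controlled at the provider; check it
          // against the roles this app defines and fall back to the least
          // privileged one when it is missing or unknown.
          role: user.custom_data?.my_app_role,
          // or you can do something like this
          // role: user.custom_data?.role ? 'admin' : 'editor',
        };
      },
    }),
  ],
});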
Contributions and feedback are very welcome.
To get it running:
- Clone the project.
# Install the project's dependencies, then run its build script.
npm install
npm run build
The MIT License (MIT). Please see License File for more information.