Getting Started
Set up your OIDC provider from scratch — configuration basics, account integration, and framework mounting.
oidc-provider
OpenID Certified™ OAuth 2.0 & OpenID Connect Authorization Server for Node.js. Implements 27 stable RFCs and OIDC specifications for enterprise-grade authentication and authorization.
Explore the Documentation
Section titled “Explore the Documentation”Configuration
Deep-dive into adapters, claims, clients, features, interactions, tokens, cookies, JWKS, PKCE, and more.
Guides
Practical guides for user flows, custom grant types, middleware registration, proxy setup, and context access.
Events
Complete reference of all events emitted by the provider for logging, monitoring, and custom integrations.
API Reference
Auto-generated TypeScript API docs for all oidc-provider types, interfaces, and classes.
Community
Join the discussion — ask questions, share guides, and connect with other users.
Implemented Specifications
Section titled “Implemented Specifications”| Specification | Description | Status | Reference |
|---|---|---|---|
| RFC 6749 | OAuth 2.0 | Stable | RFC 6749 |
| OpenID Connect Core 1.0 | OpenID Connect | Stable | OIDC Core |
| OpenID Connect Discovery 1.0 | OIDC Discovery | Stable | OIDC Discovery |
| RFC 8414 | Authorization Server Metadata | Stable | RFC 8414 |
| OpenID Connect Dynamic Client Registration 1.0 | Dynamic Client Registration | Stable | OIDC DCR |
| RFC 7591 | OAuth 2.0 Dynamic Client Registration Protocol | Stable | RFC 7591 |
| RFC 7592 | OAuth 2.0 Dynamic Client Registration Management | Stable | RFC 7592 |
| OpenID Connect RP-Initiated Logout 1.0 | RP-Initiated Logout | Stable | RP-Init Logout |
| OpenID Connect Back-Channel Logout 1.0 | Back-Channel Logout | Stable | Back-Channel Logout |
| RFC 7009 | OAuth 2.0 Token Revocation | Stable | RFC 7009 |
| RFC 7636 | Proof Key for Code Exchange (PKCE) | Stable | RFC 7636 |
| RFC 7662 | OAuth 2.0 Token Introspection | Stable | RFC 7662 |
| RFC 8252 | OAuth 2.0 for Native Apps BCP (AppAuth) | Stable | RFC 8252 |
| RFC 8628 | OAuth 2.0 Device Authorization Grant (Device Flow) | Stable | RFC 8628 |
| RFC 8705 | OAuth 2.0 Mutual TLS (mTLS) | Stable | RFC 8705 |
| RFC 8707 | OAuth 2.0 Resource Indicators | Stable | RFC 8707 |
| RFC 9101 | OAuth 2.0 JWT-Secured Authorization Request (JAR) | Stable | RFC 9101 |
| RFC 9126 | OAuth 2.0 Pushed Authorization Requests (PAR) | Stable | RFC 9126 |
| RFC 9207 | OAuth 2.0 Authorization Server Issuer Identifier | Stable | RFC 9207 |
| RFC 9449 | OAuth 2.0 Demonstration of Proof-of-Possession (DPoP) | Stable | RFC 9449 |
| RFC 9701 | JWT Response for OAuth Token Introspection | Stable | RFC 9701 |
| FAPI 1.0 Security Profile | FAPI 1.0 - Part 2: Advanced | Stable | FAPI 1.0 |
| FAPI 2.0 Security Profile | FAPI 2.0 | Stable | FAPI 2.0 |
| FAPI 2.0 Message Signing | FAPI 2.0 Message Signing | Stable | FAPI 2.0 MS |
| JWT Secured Authorization Response Mode (JARM) | JARM | Stable | JARM |
| OpenID Connect CIBA | Client Initiated Backchannel Authentication | Stable | CIBA |
| OpenID Connect RP Metadata Choices 1.0 | RP Metadata Choices | Stable | RP Metadata |
| FAPI-CIBA | FAPI-CIBA - Implementers Draft 01 | Experimental | FAPI-CIBA |
| OAuth 2.0 Attestation-Based Client Authentication | Attestation-Based Client Authentication - Draft 06 | Experimental | Attestation Auth |
| OAuth Client ID Metadata Document | CIMD - Draft 01 | Experimental | CIMD |
Supported Access Token Formats:
OpenID Certification
Section titled “OpenID Certification”OpenID Certified™
oidc-provider has been certified by the OpenID Foundation. It passes all conformance tests for the supported profiles, giving you confidence that the implementation is correct and spec-compliant.
Acknowledgments
Section titled “Acknowledgments”All credit goes to @panva, author and maintainer of node-oidc-provider. The library, its features, and all upstream documentation are entirely his work. This site is an unofficial community resource that reorganizes that documentation for easier browsing.