Middleware

Registering module middlewares (helmet, ip-filters, rate-limiters, etc)

When using provider or provider.callback() as a mounted application in your own Koa or Express stack, just follow the respective module’s documentation. When using the provider Koa instance directly, this is effectively the same as registering any Koa middleware.

import helmet from "koa-helmet";
provider.use(helmet());

You can push custom middleware to be executed before and after oidc-provider’s route handlers. This is effectively the same as Middleware Cascading in Koa.

provider.use(async (ctx, next) => {
  /** pre-processing
   * you may target a specific action here by matching `ctx.path`
   */
  console.log("pre middleware", ctx.method, ctx.path);

  await next();

  /** post-processing
   * since internal route matching was already executed you may target a specific action here
   * checking `ctx.oidc.route`, the unique route names used are
   *
   * `authorization`
   * `backchannel_authentication`
   * `client_delete`
   * `client_update`
   * `client`
   * `code_verification`
   * `cors.device_authorization`
   * `cors.discovery`
   * `cors.introspection`
   * `cors.jwks`
   * `cors.pushed_authorization_request`
   * `cors.revocation`
   * `cors.token`
   * `cors.userinfo`
   * `device_authorization`
   * `device_resume`
   * `discovery`
   * `end_session_confirm`
   * `end_session_success`
   * `end_session`
   * `introspection`
   * `jwks`
   * `pushed_authorization_request`
   * `registration`
   * `resume`
   * `revocation`
   * `token`
   * `userinfo`
   */
  console.log("post middleware", ctx.method, ctx.oidc.route);
});
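
As an added example (not code from oidc-provider or its documentation), the post-processing slot described above can drive security audit logging keyed on route names rather than on configurable URL paths. The `routeAudit` and `auditEvent` helpers, the `sink` callback, the choice of audited routes and the stand-in context objects are all assumptions made for illustration.

```javascript
// Route names are taken from the list above; the event shape and `sink` are assumptions.
const AUDITED_ROUTES = new Set([
  "token", "introspection", "revocation",
  "registration", "client_update", "client_delete",
]);

// Pure decision step: returns an audit event for a failed request on an
// audited route, otherwise null. `ctx.oidc` is guarded because this sketch
// assumes it can be absent when no provider route matched the request.
function auditEvent(ctx, status = ctx.status) {
  const route = ctx.oidc?.route;
  if (!route || !AUDITED_ROUTES.has(route) || status < 400) return null;
  return { route, method: ctx.method, status, ip: ctx.ip };
}

// Koa-style middleware: code after `await next()` is post-processing, so the
// provider's internal route matching has already run when the route is read.
function routeAudit(sink) {
  return async (ctx, next) => {
    try {
      await next();
    } catch (err) {
      const event = auditEvent(ctx, err?.status ?? 500);
      if (event) sink(event);
      throw err; // leave the response to the surrounding error handling
    }
    const event = auditEvent(ctx);
    if (event) sink(event);
  };
}

// Constructed stand-in contexts (not real Koa objects) to run the logic offline.
const sampleEvents = [];
const audit = routeAudit((e) => sampleEvents.push(e));
const fakeCtx = (route, status) => ({
  method: "POST", ip: "203.0.113.7", status, oidc: route ? { route } : undefined,
});
const demo = Promise.all([
  audit(fakeCtx("token", 400), async () => {}),     // failed token request: recorded
  audit(fakeCtx("token", 200), async () => {}),     // success: ignored
  audit(fakeCtx("discovery", 500), async () => {}), // route not audited: ignored
  audit(fakeCtx(undefined, 404), async () => {}),   // no route matched: ignored
]).then(() => sampleEvents);

// With a real provider: provider.use(routeAudit((e) => console.warn("oidc audit", e)));
```

Because the check uses route names, it keeps working if the provider's endpoint paths are remapped.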