oidc-auth-gate

OIDC/OAuth2 Auth Gate for n8n with 2 inputs (init/callback) and tokens output, auto-using $execution.resumeUrl.

Documentation

n8n-nodes-oidc-auth-gate

A custom n8n node that acts as an OIDC/OAuth2 Auth Gate with two inputs (Init + Callback) and two outputs:

  • Input #1 (Init): Build redirect to IdP (Authorization Code, optional PKCE S256) and emit Output #1 ready for a Respond to Webhook with 302 Location.
  • Input #2 (Callback): Handle IdP redirect carrying ?code (and state), exchange at token_url, then emit Output #2 with access_token, id_token, refresh_token.

It automatically uses {{$execution.resumeUrl}} as the redirect_uri when the callbackUrl parameter is left empty — perfect for single execution flows that pause with Wait for Webhook and resume on the callback.

Parameters

  • Authorization URL (authUrl) – IdP authorize endpoint
  • Token URL (tokenUrl) – IdP token endpoint
  • Callback URL (optional) (callbackUrl) – if empty, uses {{$execution.resumeUrl}}
  • Client ID (clientId)
  • Client Secret (clientSecret, optional)
  • Scopes (scopes) – openid is auto-added if missing
  • Use PKCE (S256) (usePkce, default: true)
  • Advanced → Additional Auth Params – extra query params to authUrl

Wiring (single execution)

Webhook (Trigger) 
  → OIDC Auth Gate (Input #1: Init)
    → (Output 1) Respond to Webhook (302)
      → Wait for Webhook (Callback)
        → OIDC Auth Gate (Input #2: Callback)
          → (Output 2) Respond to Webhook (200)

Set the Wait for Webhook node to produce a public callback URL. In the OIDC node, leave callbackUrl empty to automatically use {{$execution.resumeUrl}}.

Install (Local Custom Package)

  1. Unzip this package somewhere, e.g. ~/n8n-nodes-oidc-auth-gate

  2. Build the node:

    cd ~/n8n-nodes-oidc-auth-gate
    npm ci
    npm run build
    
  3. Tell n8n to load the package. Choose one of the options:

    Option A – Community Packages (recommended GUI/CLI install from a local path):

    • If you run n8n locally, you can temporarily npm link and then install by name:
      npm link
      # restart n8n and use: Settings → Community Nodes → Install → enter: n8n-nodes-oidc-auth-gate
      
      (Alternatively, publish to a private npm registry and install from there.)

    Option B – Mount as a local package in Docker:

    • Run n8n Docker with a volume mount:
      docker run -it --rm \
        -p 5678:5678 \
        -v ~/.n8n:/home/node/.n8n \
        -v ~/n8n-nodes-oidc-auth-gate:/home/node/.n8n/nodes/n8n-nodes-oidc-auth-gate \
        n8nio/n8n:latest
      
    • n8n will detect the local package under ~/.n8n/nodes/… and load it on start.

    Option C – Classic custom nodes folder (for legacy setups):

    • Copy the compiled files (the dist/ JS) to ~/.n8n/custom/ and reference them via the n8n package.json field if your deployment supports it.

The exact loading mechanism depends on your n8n version and deployment type. When in doubt, use the Community Nodes install path (preferred in recent n8n versions).

Usage Notes

  • This node does not persist tokens; it only emits them for downstream use, keeping the example simple.
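  • The PKCE code_verifier is embedded in state for a stateless roundtrip. Note that state is sent through the browser to the IdP and comes back in the callback URL, so a verifier carried there in readable form is visible to anything that sees those URLs, which weakens the protection PKCE provides. For high-security setups, store the verifier server-side (DB/Cache) and validate state properly.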
  • Ensure your IdP allows the callback URL (either your Wait for Webhook public URL or {{$execution.resumeUrl}}).
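
The server-side alternative mentioned in the notes above, as an added example (not this package's code): the verifier stays in a store keyed by a random, single-use state, and only the S256 challenge leaves the server. `PendingAuthStore`, `begin` and `consume` are hypothetical names, and the in-memory Map stands in for a DB or cache.

```javascript
// Added example, not the package's code. PendingAuthStore, begin and consume
// are hypothetical names; the Map stands in for a shared DB or cache.
const { createHash, randomBytes } = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');

// RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function s256Challenge(codeVerifier) {
  return b64url(createHash('sha256').update(codeVerifier, 'ascii').digest());
}

class PendingAuthStore {
  constructor(ttlMs = 5 * 60 * 1000, now = Date.now) {
    this.ttlMs = ttlMs;
    this.now = now; // injectable clock so expiry can be tested
    this.pending = new Map();
  }

  // Init step: the verifier never leaves the server. Only the opaque state
  // and the derived challenge are placed in the authorization URL.
  begin() {
    const state = b64url(randomBytes(32));
    const codeVerifier = b64url(randomBytes(32)); // 43 chars, RFC 7636 minimum
    this.pending.set(state, { codeVerifier, expiresAt: this.now() + this.ttlMs });
    return { state, codeChallenge: s256Challenge(codeVerifier), codeChallengeMethod: 'S256' };
  }

  // Callback step: accept a state only if this server issued it, it has not
  // expired, and it has not been used before. Returns the verifier or null.
  consume(state) {
    const entry = typeof state === 'string' ? this.pending.get(state) : undefined;
    if (!entry) return null; // unknown or forged state
    this.pending.delete(state); // single use: a replayed callback fails
    if (this.now() > entry.expiresAt) return null;
    return entry.codeVerifier; // send as code_verifier in the token request
  }
}
```

A null return from `consume` means the callback is rejected before any request is made to the token endpoint.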

License

MIT
