Difference between okta-oidc-js and okta-sdk-nodejs

Only now I became aware of these two libraries - and searching the internet to answer my own question, I can only find a lot of articles explaining one or the other. The newest of these articles is https://developer.okta.com/blog/2020/06/16/nodejs-login which may suggest the okta-oidc-js is the current replacement for okta-sdk-nodejs.

Since I am trying to refresh some 2 years old tutorials and blogs, I am quite curious about the answer to my “difference between okta-oidc-js and okta-sdk-nodejs” question.

@adriatic The two SDKs serve different purposes for different use cases.

Firstly, okta-oidc-js is a mono-repo where all our JavaScript SDKs reside, so most likely you are referring to oidc-middleware, which is our Node OIDC SDK. Like our other OIDC backend/middleware SDKs, this one is used to protect resources via OAuth tokens.

On the other hand, okta-sdk-nodejs is one of our management SDKs. This SDK is not used to protect your own application and is instead used for CRUD operations related to calling Okta’s APIs.

Fun fact: Most our SDKs follow a naming convention:

okta-auth SDKs are used to handle primary authentication use cases (such as custom login pages)
okta-sdk SDKs are management SDKs, used to make call to Okta API endpoints
okta-oidc SDKs are used to protect resources with OAuth tokens (this includes the repos within okta-oidc-js as the front end SDKs are designed to initiate the OAuth flow and protect resources as well)

2 Likes

Interesting how a clear and concise answer clears all the fog I thought hides your naming conventions. Nevertheless, I would think that your few paragraphs ought to be visible before any encounter with an object as complex as your product. I am almost tempted to create a Navigator for Okta as an open-source project for the Okta community.

If I may create a sub-question: while it is pretty obvious that Okta’s blogs / samples collection is not synced with the current set of SDKs, can I rely that your documentation (https://developer.okta.com/docs/s) is?

My current involvement with Okta is driven by my desire to present a complete IAM system (as different from say Passport.js) to Gatsby / Strapi community. You just saved me from missing some of the key points of Okta’s internal organization, so I clearly need to do some more reading before I just blindly adjust 2+ years old sample code.

Thank you @andrea for bailing me out from my swamp.