Class OIDCClient

constructor

• new OIDCClient(options): OIDCClient

• Parameters

  • options: IPlusAuthClientOptions

  Returns OIDCClient

Optional accessToken

Optional idToken

Optional idTokenRaw

Optional issuer_metadata

options

Optional refreshToken

Optional scopes

Optional user

getAccessToken

• getAccessToken(): Promise<undefined | string>

• Retrieve logged in user's access token if it exists.

  Returns Promise<undefined | string>

getExpiresIn

• getExpiresIn(): Promise<undefined | number>

• Retrieve access token's expiration.

  Returns Promise<undefined | number>

getIdToken

• getIdToken(): Promise<undefined | Record<string, any>>

• Retrieve logged in user's parsed id token if it exists.

  Returns Promise<undefined | Record<string, any>>

getIdTokenRaw

• getIdTokenRaw(): Promise<undefined | string>

• Retrieve logged in user's id token in raw format if it exists.

  Returns Promise<undefined | string>

getRefreshToken

• getRefreshToken(): Promise<undefined | string>

• Retrieve logged in user's refresh token if it exists.

  Returns Promise<undefined | string>

getScopes

• getScopes(): Promise<undefined | string[]>

• Retrieve logged in user's scopes if it exists.

  Returns Promise<undefined | string[]>

getUser

• getUser(): Promise<undefined | Record<string, any>>

• Retrieve logged in user's profile.

  Returns Promise<undefined | Record<string, any>>

initialize

• initialize(checkLogin?): Promise<OIDCClient>

• Initialize the library with this method. It resolves issuer configuration, jwks keys which are necessary for validating tokens returned from provider and checking if a user is already authenticated in provider.

  Parameters

  • checkLogin: boolean = true

    Make this false if you don't want to check user authorization status in provider while initializing. Defaults to true

  Returns Promise<OIDCClient>

isLoggedIn

• isLoggedIn(localOnly?): Promise<boolean>

• If there is a user stored locally return true. Otherwise it will make a silentLogin to check if End-User is logged in provider.

  Parameters

  • localOnly: boolean = false

    Don't check provider

  Returns Promise<boolean>

login

• login(options?, localState?): Promise<void>

• Redirect to provider's authorization endpoint using provided parameters. You can override any parameter defined in OIDCClient. If you don't provide state, nonce or code_verifier they will be generated automatically in a random and secure way.

  Parameters

  • options: Partial<AuthRequestOptions> = {}

  • localState: Record<string, any> = {}

  Returns Promise<void>

loginCallback

• loginCallback(url?): Promise<undefined | Record<string, any>>

• After a user successfully authorizes an application, the authorization server will redirect the user back to the application with either an authorization code or access token in the URL. In the callback page you should call this method.

  Parameters

  • url: string = window.location.href

    Full url which contains authorization request result parameters. Defaults to window.location.href

  Returns Promise<undefined | Record<string, any>>

loginWithPopup

• loginWithPopup(options?, popupOptions?): Promise<Record<string, any>>

• Open a popup with the provider's authorization endpoint using provided parameters. You can override any parameter defined in OIDCClient. If you don't provide state, nonce or code_verifier they will be generated automatically in a random and secure way. You can also override popup options.

  NOTE: Most browsers block popups if they are not happened as a result of user actions. In order to display login popup you must call this method in an event handler listening for a user action like button click.

  Parameters

  • options: Partial<AuthRequestOptions> = {}

  • popupOptions: PopupOptions = {}

  Returns Promise<Record<string, any>>

logout

• logout(options?): Promise<void>

• Redirect to provider's end_session_endpoint with provided parameters. After logout provider will redirect to provided post_logout_redirect_uri if it provided.

  Parameters

  • options: LogoutRequestOptions = {}

  Returns Promise<void>

revokeToken

• revokeToken(token, type?, options?): Promise<any>

• OAuth2 token revocation implementation method. See more at tools.ietf.org/html/rfc7009

  Parameters

  • token: string

    Token to be revoked

  • type: TokenType = 'access_token'

    Passed token's type. It will be used to provide token_type_hint parameter.

  • options: RevokeOptions = {}

    If necessary override options passed to OIDCClient by defining them here.

  Returns Promise<any>

silentLogin

• silentLogin(options?, localState?): Promise<any>

• Login without having an interaction. If refresh tokens are used and there is a stored refresh token it will exchange refresh token to receive new access token. If not it silently makes a request the provider's authorization endpoint using provided parameters. You can override any parameter defined in OIDCClient. If you don't provide state, nonce or code_verifier they will be generated automatically in a random and secure way.

  Parameters

  • options: AuthRequestOptions = {}

  • localState: Record<string, any> = {}

  Returns Promise<any>