
    Class OIDCClient

    OIDCClient provides methods for interacting with an OIDC/OAuth2 authorization server: signing a user in, signing out, managing the user's claims, checking the session, and managing tokens returned from the OIDC/OAuth2 provider.

    Properties

    accessToken?: string
    callbacks: Record<string, any[]>
    idToken?: string
    idTokenRaw?: string
    issuer_metadata?: Record<string, any>
    refreshToken?: string
    scopes?: string[]
    user?: any

    Methods

    • Retrieve the logged-in user's access token if it exists.

      Returns Promise<string | undefined>

    • Retrieve the access token's expiration.

      Returns Promise<number | undefined>

    • Retrieve the logged-in user's parsed id token if it exists.

      Returns Promise<Record<string, any> | undefined>

    • Retrieve the logged-in user's id token in raw format if it exists.

      Returns Promise<string | undefined>

    • Retrieve the logged-in user's refresh token if it exists.

      Returns Promise<string | undefined>

    • Retrieve the logged-in user's scopes if they exist.

      Returns Promise<string[] | undefined>

    • Retrieve the logged-in user's profile.

      Returns Promise<Record<string, any> | undefined>

    • Initialize the library with this method. It resolves the issuer configuration and the JWKS keys needed to validate tokens returned from the provider, and checks whether a user is already authenticated with the provider.

      Parameters

      • checkLogin: boolean = true

        Set this to false if you don't want to check the user's authorization status with the provider while initializing. Defaults to true.

      Returns Promise<OIDCClient>

    • Returns true if there is a user stored locally. Otherwise it performs a silentLogin to check whether the End-User is logged in at the provider.

      Parameters

      • localOnly: boolean = false

        Don't check the provider.

      Returns Promise<boolean>

    • Redirect to the provider's authorization endpoint using the provided parameters. You can override any parameter defined in OIDCClient. If you don't provide state, nonce or code_verifier, they will be generated automatically in a random and secure way.

      Parameters

      Returns Promise<void>

    • After a user successfully authorizes an application, the authorization server redirects the user back to the application with either an authorization code or an access token in the URL. Call this method on the callback page.

      Parameters

      • url: string = window.location.href

        Full URL that contains the authorization request's result parameters. Defaults to window.location.href.

      Returns Promise<Record<string, any> | undefined>

    • Open a popup with the provider's authorization endpoint using the provided parameters. You can override any parameter defined in OIDCClient. If you don't provide state, nonce or code_verifier, they will be generated automatically in a random and secure way. You can also override popup options.

      NOTE: Most browsers block popups that are not opened as a result of a user action. To display the login popup, you must call this method in an event handler listening for a user action such as a button click.

      Parameters

      Returns Promise<Record<string, any>>

    • Redirect to the provider's end_session_endpoint with the provided parameters. After logout, the provider will redirect to the provided post_logout_redirect_uri if one is provided.

      Parameters

      Returns Promise<void>

    • Implements OAuth2 token revocation. See tools.ietf.org/html/rfc7009 for details.

      Parameters

      • token: string

        Token to be revoked.

      • type: TokenType = "access_token"

        Type of the passed token. It is used to provide the token_type_hint parameter.

      • options: RevokeOptions = {}

        If necessary, override the options passed to OIDCClient by defining them here.

      Returns Promise<any>

    • Log in without user interaction. If refresh tokens are used and there is a stored refresh token, it exchanges the refresh token for a new access token. If not, it silently makes a request to the provider's authorization endpoint using the provided parameters. You can override any parameter defined in OIDCClient. If you don't provide state, nonce or code_verifier, they will be generated automatically in a random and secure way.

      Parameters

      Returns Promise<any>