PAOIDCClient
    Preparing search index...

    Interface IPlusAuthClientOptions

    Options used when instantiating the PlusAuth client. Extends authorization and logout options with client-level configuration.

    interface IPlusAuthClientOptions {
        acr_values?: string;
        audience?: string;
        authStore?: StateStore<any>;
        autoSilentRenew?: boolean;
        checkSession?: boolean;
        checkSessionInterval?: number;
        claims?: Record<string, any>;
        claims_locales?: string;
        client_id: string;
        client_secret?: string;
        clockSkew?: number;
        code_challenge?: string;
        code_challenge_method?: string;
        code_verifier?: string;
        currentTimeInMillis?: () => number;
        display?: string;
        endpoints?: IEndpointConfiguration;
        extraLogoutParams?: Record<string, string>;
        extraParams?: Record<string, any>;
        fragment?: string;
        httpClient?: (options: RequestOptions) => Promise<any>;
        id_token_hint?: string;
        idTokenValidator?: (idToken: string) => Promise<boolean>;
        issuer: string;
        login_hint?: string;
        nonce?: string;
        nonceLength?: number;
        post_logout_redirect_uri?: string;
        prompt?: string;
        redirect_uri?: string;
        registration?: string;
        requestUserInfo?: boolean;
        response_mode?: string;
        response_type?: string;
        scope?: string;
        secondsToRefreshAccessTokenBeforeExp?: number;
        silent_redirect_uri?: string;
        silentRequestTimeout?: number;
        state?: string;
        stateLength?: number;
        stateStore?: StateStore<any>;
        ui_locales?: string;
        useRefreshToken?: boolean;
        web_message_target?: string;
        web_message_uri?: string;
    }

    Hierarchy

    Index

    Properties

    acr_values? audience? authStore? autoSilentRenew? checkSession? checkSessionInterval? claims? claims_locales? client_id client_secret? clockSkew? code_challenge? code_challenge_method? code_verifier? currentTimeInMillis? display? endpoints? extraLogoutParams? extraParams? fragment? httpClient? id_token_hint? idTokenValidator? issuer login_hint? nonce? nonceLength? post_logout_redirect_uri? prompt? redirect_uri? registration? requestUserInfo? response_mode? response_type? scope? secondsToRefreshAccessTokenBeforeExp? silent_redirect_uri? silentRequestTimeout? state? stateLength? stateStore? ui_locales? useRefreshToken? web_message_target? web_message_uri?

    Properties

    acr_values?: string

    Requested Authentication Context Class Reference values.

    audience?: string

    Audience for which the client is requesting access.

    authStore?: StateStore<any>

    Storage for authentication results (id_token, access_token, session_state …). Defaults to LocalStorageStateStore.

    StateStore

    autoSilentRenew?: boolean

    Whether to automatically refresh access tokens before they expire by triggering a silent login flow inside an iframe.

    true
    checkSession?: boolean

    Enable or disable OpenID session monitoring.

    true
    checkSessionInterval?: number

    How often to poll the session iframe (in ms).

    2000
    claims?: Record<string, any>

    Claims parameter requesting specific user attributes.

    claims_locales?: string

    Preferred languages for user claims.

    client_id: string

    OAuth2 client identifier.

    client_secret?: string

    OAuth2 client secret (optional; required when using confidential flows).

    clockSkew?: number

    Allowed clock drift (in seconds) when validating tokens.

    code_challenge?: string

    PKCE code challenge.

    code_challenge_method?: string

    PKCE code challenge method (typically "S256").

    code_verifier?: string

    PKCE verifier used for exchanging authorization code.

    currentTimeInMillis?: () => number

    Custom function returning the current timestamp in milliseconds. Useful when client clock differs from server clock.

    https://en.wikipedia.org/wiki/Network_Time_Protocol

    display?: string

    Display type: page, popup, etc.

    endpoints?: IEndpointConfiguration

    Manually provided OpenID provider metadata.

    extraLogoutParams?: Record<string, string>

    Additional provider-specific parameters for logout endpoint.

    extraParams?: Record<string, any>

    Additional parameters appended to the authorization request.

    fragment?: string

    Optional URI fragment used by web_message or custom response handling.

    httpClient?: (options: RequestOptions) => Promise<any>

    Custom HTTP client (e.g. fetch wrapper).

    id_token_hint?: string

    Id token hint for reauthentication scenarios.

    idTokenValidator?: (idToken: string) => Promise<boolean>

    Additional ID token validator. Use this to validate signatures or introduce custom rules.

    Type Declaration

      • (idToken: string): Promise<boolean>

      • Parameters

        • idToken: string

          Raw JWT string.

        Returns Promise<boolean>

    issuer: string

    OpenID Provider issuer URL.

    login_hint?: string

    Optional login hint such as email or username.

    nonce?: string

    Generated nonce for replay protection.

    nonceLength?: number

    Length of the generated nonce value.

    10

    Optionalpost_logout_redirect_uri

    post_logout_redirect_uri?: string

    Redirect URL after logout completes.

    prompt?: string

    Prompt behavior: none, login, consent, etc.

    redirect_uri?: string

    Redirect URI registered for the client.

    registration?: string

    Client registration parameter (rarely used).

    requestUserInfo?: boolean

    Whether to request user information from the userinfo_endpoint after token issuance.

    response_mode?: string

    OAuth2/OIDC response mode such as fragment, query, form_post.

    response_type?: string

    OAuth2/OIDC response type such as code, token, id_token.

    scope?: string

    Requested scopes.

    secondsToRefreshAccessTokenBeforeExp?: number

    How long before token expiration (in seconds) a silent renew should trigger.

    60
    silent_redirect_uri?: string

    Redirect URI used specifically for silent authentication.

    silentRequestTimeout?: number

    Timeout (in seconds) for silent renew iframe responses.

    10
    state?: string

    Client-generated state value used for request correlation.

    stateLength?: number

    Length of generated state values.

    10
    stateStore?: StateStore<any>

    Storage for OIDC request state (nonce, code_verifier, redirect params).

    StateStore

    ui_locales?: string

    Preferred UI locales for login experience.

    useRefreshToken?: boolean

    Whether refresh tokens should be used for renewing sessions. If false, the client will instead use an iframe silent authentication.

    false
    web_message_target?: string

    Web Message response target (used in popup/iframe login).

    web_message_uri?: string

    Web Message receiver URL.

    Settings

    Member Visibility

    On This Page

    Properties