@twinfinity/core

    Class OpenIdConnectClient

    Methods

    • Returns void

    • Provides an access token from the OpenID Connect provider.

      Returns a cached value if there's sufficient time left until the access_token expires. If the access_token is about to expire a fresh token is fetched.

      Returns Promise<string>

      access_token from the /token endpoint.

    • Provides an identity token from the OpenID Connect provider.

      Returns a cached value if there's sufficient time left until the id_token expires. If the id_token is about to expire a fresh token is fetched.

      Returns Promise<IdentityToken>

      parsed id_token from the /token endpoint.

      Throws an OpenIdConnectClientError if this client has no identity token at all. Whether a createWithClientCredentials client has one depends on the identity provider: some issue an id_token to the service account when the openid scope applies (protocol claims only, since a service account has no user profile), others issue none for the grant.

    • Removes the transient login parameters loginWithRedirect writes to session storage (the state, PKCE code verifier and redirect URI). create consumes and removes these on a successful token exchange; a caller that drives the login flow out of band (e.g. a popup or iframe login that ends by being closed or cancelled) can call this to clear the orphaned values so they do not linger for the tab's lifetime. The set of keys lives here, next to the code that writes and reads them.

      Parameters

      • sessionStorage: Storage

      Returns void
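
A simplified model of that lifecycle, added here as an example and not taken from @twinfinity/core: the three values are written under one key table, handed to the token exchange once on a callback whose state matches, and cleared explicitly when a flow is abandoned. The storage key names, the function names and the in-memory store are assumptions.

```typescript
// Added example: a simplified model, not @twinfinity/core source. All names are hypothetical.
interface KeyValueStore { // the part of the DOM Storage interface used here
    getItem(key: string): string | null;
    setItem(key: string, value: string): void;
    removeItem(key: string): void;
}
interface PendingLogin { state: string; codeVerifier: string; redirectUri: string }

// One key table shared by the writer, the reader and the cleanup.
const KEYS: { [F in keyof PendingLogin]: string } = {
    state: 'example.oidc.state',
    codeVerifier: 'example.oidc.code_verifier',
    redirectUri: 'example.oidc.redirect_uri'
};
const FIELDS: (keyof PendingLogin)[] = ['state', 'codeVerifier', 'redirectUri'];

function savePendingLogin(store: KeyValueStore, login: PendingLogin): void {
    for (const field of FIELDS) store.setItem(KEYS[field], login[field]);
}

// For a flow that ended without a usable callback (popup closed, login cancelled).
function clearPendingLogin(store: KeyValueStore): void {
    for (const field of FIELDS) store.removeItem(KEYS[field]);
}

// Callback handling: a mismatching state is rejected and leaves the pending login
// untouched; a matching one hands the values over exactly once and removes them.
type Callback = { code?: string; state?: string };
function consumePendingLogin(store: KeyValueStore, callback: Callback): PendingLogin & { code: string } {
    const state = store.getItem(KEYS.state);
    const codeVerifier = store.getItem(KEYS.codeVerifier);
    const redirectUri = store.getItem(KEYS.redirectUri);
    if (state === null || codeVerifier === null || redirectUri === null) throw new Error('no login in progress');
    if (!callback.code || callback.state !== state) throw new Error('state mismatch');
    clearPendingLogin(store);
    // redirectUri is returned so the token request repeats the stored value unchanged.
    return { code: callback.code, state, codeVerifier, redirectUri };
}

// In-memory stand-in for window.sessionStorage so the example runs outside a browser.
function memoryStore(): KeyValueStore & { size(): number } {
    const items = new Map<string, string>();
    return {
        getItem: (key) => { const value = items.get(key); return value === undefined ? null : value; },
        setItem: (key, value) => { items.set(key, value); },
        removeItem: (key) => { items.delete(key); },
        size: () => items.size
    };
}
```

In a browser, window.sessionStorage satisfies KeyValueStore and can be passed as the store.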

    • Creates an OpenID Connect client for a service using the client credentials grant: no user, no browser, no redirects. The client authenticates as itself with its ClientCredentialsOptions.clientSecret in a single request to the token endpoint. Tokens are renewed automatically by re-running the grant (the provider issues no refresh token for it).

      The provider must have the client configured as a confidential client with service accounts enabled. Whether getIdentityToken works for clients created this way depends on the provider — see its documentation.

      Parameters

      Returns Promise<OpenIdConnectClient>

      Throws an OpenIdConnectClientCriticalError when invoked in a browser: the client secret must never be shipped to end users. Use the interactive login flows there instead.

      const client = await OpenIdConnectClient.createWithClientCredentials({
          openIdProviderUrl: 'https://customer.twinfinity.com',
          clientId: 'my-integration',
          // Read from the service's environment; the secret must never be shipped to end users.
          clientSecret: process.env.MY_INTEGRATION_CLIENT_SECRET!
      });
      const accessToken = await client.getAccessToken();

    • Starts the login with redirect for the code flow with the OpenID provider specified in clientOptions. The returned promise never resolves, so awaiting it blocks the rest of the promise chain.

      See https://auth0.com/docs/get-started/authentication-and-authorization-flow/add-login-auth-code-flow

      Parameters

      Returns Promise<never>

      an unfulfilled promise that will never resolve

      const options: OpenIdConnectClientOptions = {
          clientId: '<client-id>',
          openIdProviderUrl: '<idp-url>', // or openIdProviderConfigurationUrl() to discover from the page origin
          // Use a stable URL with no query parameters: the exact same redirect_uri has to be sent again
          // at token exchange (see create()), so strip the callback query rather than using href verbatim.
          redirectUri: window.location.href.split('?')[0]
      };
      await OpenIdConnectClient.loginWithRedirect(options);
      // Not reached in normal operation: the promise above never settles.
      throw new Error('The async function OpenIdConnectClient#loginWithRedirect should never resolve, returns an unfulfilled promise');