js-pkce

A package that makes using the OAuth2 PKCE flow easier

Installation

npm i js-pkce

Create a new instance

Create a new instance of js-pkce with all of the details needed.

import PKCE from 'js-pkce';
const pkce = new PKCE({
  client_id: 'myclientid',
  redirect_uri: 'http://localhost:8080/auth',
  authorization_endpoint: 'https://authserver.com/oauth/authorize',
  token_endpoint: 'https://authserver.com/oauth/token',
  requested_scopes: '*',
});

Start the authorization process

Typically you just need to go to the authorization url to start the process. This example is something that might work in a SPA.

window.location.replace(pkce.authorizeUrl());

You may add additional query parameters to the authorize url by using an optional second parameter:

const additionalParams = {test_param: 'testing'};
window.location.replace(pkce.authorizeUrl(additionalParams));

Trade the code for a token

After logging in with the authorization server, you will be redirected to the value in the redirect_uri parameter you set when creating the instance. Again, this is an example that might work for a SPA.

When you get back here, you need to exchange the code for a token.

const url = window.location.href;
pkce.exchangeForAccessToken(url).then((resp) => {
  const token = resp.access_token;
  // Do stuff with the access token.
});

As with the authorizeUrl method, an optional second parameter may be passed to the exchangeForAccessToken method to send additional parameters to the request:

const url = window.location.href;
const additionalParams = {test_param: 'testing'};

pkce.exchangeForAccessToken(url, additionalParams).then((resp) => {
  const token = resp.access_token;
  // Do stuff with the access token.
});

Refreshing the token

Get a new access token using a refresh token

pkce.refreshAccessToken(refreshToken).then((resp) => {
  const accessToken = resp.access_token;
  const refreshToken = resp.refresh_token;
  // Do stuff with the access & refresh token.
});

A note on Storage

By default, this package will use sessionStorage to persist the pkce_state. On (mostly) mobile devices there's a higher chance users are returning in a different browser tab. E.g. they kick off in a WebView & get redirected to a new tab. The sessionStorage will be empty there.

In this case it you can opt in to use localStorage instead of sessionStorage:

import PKCE from 'js-pkce';
const pkce = new PKCE({
  // ...
  storage: localStorage, // any Storage object, sessionStorage (default) or localStorage 
});

Cors credentials

When using httpOnly cookies, there is some additional configuration required. The method enableCorsCredentials can be called to allow sending credentials.

pkce.enableCorsCredentials(true);

bpedroza / js-pkce Goto Github PK

js-pkce's Introduction

js-pkce

Installation

Create a new instance

Start the authorization process

Trade the code for a token

Refreshing the token

A note on Storage

Cors credentials

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent