OidcClient
Defined in: client/src/client.ts:63
Browser OIDC client that wraps oidc-js-core with fetch and sessionStorage.
Handles the full Authorization Code + PKCE flow: discovery, redirect-based login, callback handling, token refresh, userinfo fetching, and logout. Exposes reactive AuthState via a subscribe/notify pattern.
Constructors
Section titled “Constructors”Constructor
Section titled “Constructor”new OidcClient(
config):OidcClient
Defined in: client/src/client.ts:84
Creates a new OidcClient instance.
Parameters
Section titled “Parameters”config
Section titled “config”OIDC configuration including issuer, clientId, and redirectUri.
Returns
Section titled “Returns”OidcClient
Accessors
Section titled “Accessors”Get Signature
Section titled “Get Signature”get state():
AuthState
Defined in: client/src/client.ts:89
The current authentication state.
Returns
Section titled “Returns”Methods
Section titled “Methods”destroy()
Section titled “destroy()”destroy():
void
Defined in: client/src/client.ts:342
Tears down the client by aborting any in-flight requests and removing all subscribers.
Returns
Section titled “Returns”void
fetchProfile()
Section titled “fetchProfile()”fetchProfile():
Promise<OidcUser|null>
Defined in: client/src/client.ts:327
Fetches the user’s profile from the userinfo endpoint using the current access token.
Updates the user.profile field in the auth state with the response.
Returns
Section titled “Returns”Promise<OidcUser | null>
Throws
Section titled “Throws”Error if no access token is available or discovery has not been fetched.
init()
Section titled “init()”init():
Promise<{returnTo?:string; }>
Defined in: client/src/client.ts:123
Initializes the client by fetching OIDC discovery and processing any callback parameters.
If the current URL contains an authorization code, it completes the token exchange,
optionally fetches the userinfo profile, and returns the returnTo path saved before login.
If the URL contains an error, it sets the error state.
Returns
Section titled “Returns”Promise<{ returnTo?: string; }>
An object with an optional returnTo path indicating where the app should navigate.
login()
Section titled “login()”login(
options?):Promise<void>
Defined in: client/src/client.ts:206
Starts the Authorization Code + PKCE login flow by redirecting the browser to the authorization endpoint.
Generates PKCE, state, and nonce values, persists them in sessionStorage, then navigates away. Does nothing if discovery has not been fetched yet (i.e., init was not called).
Parameters
Section titled “Parameters”options?
Section titled “options?”Optional login parameters such as returnTo and extraParams.
Returns
Section titled “Returns”Promise<void>
logout()
Section titled “logout()”logout():
void
Defined in: client/src/client.ts:235
Logs the user out by redirecting to the OP’s end-session endpoint.
If the discovery document has an end_session_endpoint, the browser is redirected there
with the current ID token hint and postLogoutRedirectUri from config.
State is only cleared locally when no end-session redirect is available.
Returns
Section titled “Returns”void
refresh()
Section titled “refresh()”refresh():
Promise<AuthTokens>
Defined in: client/src/client.ts:267
Uses the stored refresh token to obtain a new set of tokens from the token endpoint.
Updates the auth state with the new tokens and, if an ID token is returned, re-decodes the claims and optionally re-fetches the userinfo profile.
Returns
Section titled “Returns”Promise<AuthTokens>
Throws
Section titled “Throws”Error if no refresh token is available or discovery has not been fetched.
subscribe()
Section titled “subscribe()”subscribe(
fn): () =>void
Defined in: client/src/client.ts:99
Registers a callback that fires whenever the auth state changes.
Parameters
Section titled “Parameters”Subscriber
Subscriber function receiving the updated AuthState.
Returns
Section titled “Returns”An unsubscribe function that removes the listener.
() => void