Skip to content
oidc-js

parseCallbackUrl

parseCallbackUrl(url, expectedState): object

Defined in: packages/core/src/authorize.ts:72

Parses an OAuth 2.0 authorization callback URL, extracting the authorization code and verifying state.

Rejects error responses, missing codes, and state mismatches.

Parameters

Section titled “Parameters”

url

Section titled “url”

string

The full callback URL the provider redirected the user to.

expectedState

Section titled “expectedState”

string

The state value originally sent in the authorization request.

Returns

Section titled “Returns”

object

An object containing the authorization code and the validated state.

code

Section titled “code”

code: string

state

Section titled “state”

state: string

Throws

Section titled “Throws”

AUTHORIZATION_ERROR if the provider returned an error response.

Throws

Section titled “Throws”

MISSING_AUTH_CODE if no code parameter is present.

Throws

Section titled “Throws”

STATE_MISMATCH if the returned state does not match expectedState.

See

Section titled “See”
  • RFC 6749 §4.1.2 — Authorization Response
  • RFC 6749 §10.12 — Cross-Site Request Forgery (state verification)