Authorization
buildAuthUrl
Constructs the authorization URL with PKCE parameters for the Authorization Code flow.

```js
import { buildAuthUrl, generatePkce, generateState, generateNonce } from "oidc-js-core";

const pkce = await generatePkce();
const state = generateState();
const nonce = generateNonce();

const url = buildAuthUrl(discovery, config, pkce, state, nonce);
// Redirect the user: window.location.href = url;
```

Parameters:

| Name | Type | Description |
|---|---|---|
| discovery | OidcDiscovery | Parsed discovery document |
| config | OidcConfig | Client configuration |
| pkce | { verifier, challenge } | PKCE code verifier and challenge |
| state | string | Random state parameter for CSRF protection |
| nonce | string | Random nonce embedded in the ID token |
| extraParams | Record<string, string> | Optional extra query parameters |

Returns: string — the full authorization URL.
Throws: MISSING_REDIRECT_URI if config.redirectUri is not set.
parseCallbackUrl
Extracts the authorization code from the callback URL and validates the state parameter.

```js
import { parseCallbackUrl } from "oidc-js-core";

const { code } = parseCallbackUrl(window.location.href, expectedState);
```

Parameters:

| Name | Type | Description |
|---|---|---|
| callbackUrl | string | The full callback URL with query parameters |
| expectedState | string | The state value sent in the authorization request |

Returns: { code: string } — the authorization code.
Throws:
- STATE_MISMATCH — the state parameter doesn’t match
- MISSING_AUTH_CODE — no code parameter in the URL
- AUTHORIZATION_ERROR — the URL contains an error parameter
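
The checks described for parseCallbackUrl, combined with single-use storage of the pending request, as an added example that is not oidc-js-core's own code. The names checkCallback, beginLogin, finishLogin and CallbackError, the Map standing in for sessionStorage, the order of the checks and the sample values are assumptions of this example; only the three error codes come from this page.

```javascript
// Added example: stand-in for the checks described for parseCallbackUrl.
// Error codes come from the page; all other names are hypothetical.
class CallbackError extends Error {
  constructor(code, detail) {
    super(detail ? `${code}: ${detail}` : code);
    this.code = code;
  }
}

function checkCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // State first (this example's choice): a response not bound to our own
  // request is rejected before any of its other parameters are trusted.
  const state = params.get("state");
  if (!expectedState || state !== expectedState) {
    throw new CallbackError("STATE_MISMATCH");
  }
  const error = params.get("error");
  if (error) throw new CallbackError("AUTHORIZATION_ERROR", error);
  const code = params.get("code");
  if (!code) throw new CallbackError("MISSING_AUTH_CODE");
  return { code };
}

// Save what the callback handler needs before redirecting.
// A Map stands in for sessionStorage so the example runs outside a browser.
function beginLogin(store, { state, nonce, verifier }) {
  store.set("pending", { state, nonce, verifier });
}

function finishLogin(store, callbackUrl) {
  const pending = store.get("pending");
  store.delete("pending"); // single use: a replayed callback finds nothing
  if (!pending) throw new CallbackError("STATE_MISMATCH");
  const { code } = checkCallback(callbackUrl, pending.state);
  // The verifier goes into the token request; the nonce is compared with
  // the nonce claim of the returned ID token.
  return { code, verifier: pending.verifier, nonce: pending.nonce };
}

// Constructed sample values, not real credentials.
const SAMPLE = {
  state: "st-constructed-1",
  nonce: "n-constructed-1",
  verifier: "v-constructed-1",
};
const CALLBACK =
  "https://app.example/callback?code=abc123&state=st-constructed-1";
```
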
PKCE helpers
```js
import { generatePkce, generateState, generateNonce } from "oidc-js-core";

// Generate a code verifier and its SHA-256 challenge
const pkce = await generatePkce();
// pkce.verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
// pkce.challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"

// Generate random values for state and nonce
const state = generateState(); // cryptographically random string
const nonce = generateNonce(); // cryptographically random string
```

All random values are generated using the Web Crypto API (crypto.getRandomValues).