@fundwave/oidc-client is a lightweight client-side library that allows you to prepare headers for your network-calls by automatically refreshing tokens (if expired) with the provided OIDC server.
```sh
npm install @fundwave/oidc-client
```

```js
import { OIDCClient } from "@fundwave/oidc-client";

const oidcClient = new OIDCClient();

// Set the URL-String where token refresh requests will be sent
oidcClient.setBaseUrl("https://my-awesome-oidc-server.com");

// Set the path on the server which is responsible for the refresh
oidcClient.setRefreshPath("refresh-token");
```

Note: the `refreshPath` property defaults to `token/refresh`

The constructor signature is `new OIDCClient(options?, sessionStorageParam?, localStorageParam?)`. The two storage params are optional and default to the global `sessionStorage` / `localStorage`. Inject mock storage (e.g. for SSR/Node/tests) by passing them explicitly. If only one is supplied the other resolves from `globalThis`, and the refresh flow is skipped when either is unavailable.

Once the class has been instantiated, you can

- use the `prepareHeaders` method to get the required headers for your calls

  ```js
  const headers = await oidcClient.prepareHeaders();
  ```

  `prepareHeaders(headers?, tokenType?)` accepts an optional `tokenType` (defaults to `"token"`) selecting which session-storage key supplies the `Authorization: Bearer` value. Pass `"accessToken"` or `"idToken"` to use those instead.

  ```js
  const headers = await oidcClient.prepareHeaders(undefined, "accessToken");
  ```

- Optionally, directly use the `getAccessToken` method to refresh (if expired) and return a stored token

  ```js
  await oidcClient.getAccessToken();
  ```

  `getAccessToken(tokenType?)` also accepts the optional `tokenType` (defaults to `"token"`) and returns the value stored under that key.

  ```js
  const accessToken = await oidcClient.getAccessToken("accessToken");
  ```

- If the refresh-token call returns a `401/403` or any other error status, the library will throw a custom-event `logged-out`
- Tokens aren't refreshed every time the `prepareHeaders` method is called. Tokens are only refreshed when the token is about to expire.
- If your client app makes parallel calls to the same object of oidc-client, this library will still make only one active call to your OIDC server. This will reduce network calls and avoid exceeding any rate limits with your OIDC server.
- Tokens returned by the refresh call are stored at browser's session storage under these keys, when present:
  - `token`
  - `idToken`
  - `accessToken`
- Refresh Token is maintained at browser's local storage with the key being `refreshToken`
- On a failed refresh / logout, the `token`, `idToken`, `accessToken` (session storage) and `refreshToken` (local storage) keys are all cleared
- The library will read tokens sent by your OIDC server from either the response body or headers
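
The notes above on refreshing only near expiry, sharing one refresh call between parallel callers, and clearing keys on failure can be pictured with the following added example. It is not the source of @fundwave/oidc-client: `SingleFlightTokenSource`, `refreshFn`, `skewSeconds` and the `Map` standing in for browser storage are assumptions made for illustration.

```javascript
// Illustrative sketch only, NOT the source of @fundwave/oidc-client.
// refreshFn, skewSeconds and the Map standing in for browser storage are assumptions.
class SingleFlightTokenSource {
  constructor(refreshFn, store = new Map(), skewSeconds = 30) {
    this.refreshFn = refreshFn; // async (refreshToken) => ({ token, refreshToken })
    this.store = store;
    this.skewSeconds = skewSeconds; // refresh this many seconds before `exp`
    this.inFlight = null; // promise shared by all callers while a refresh runs
  }

  // Read `exp` from a JWT payload. No signature check: it only schedules a refresh.
  static expiryOf(jwt) {
    try {
      const b64 = jwt.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
      const { exp } = JSON.parse(atob(b64));
      return typeof exp === "number" ? exp : 0;
    } catch {
      return 0; // a missing or malformed token is treated as expired
    }
  }

  isExpiring(nowSeconds = Date.now() / 1000) {
    const exp = SingleFlightTokenSource.expiryOf(this.store.get("token"));
    return exp - this.skewSeconds <= nowSeconds;
  }

  async getAccessToken() {
    if (!this.isExpiring()) return this.store.get("token");
    if (!this.inFlight) {
      this.inFlight = this.refreshFn(this.store.get("refreshToken"))
        .then((fresh) => {
          this.store.set("token", fresh.token);
          this.store.set("refreshToken", fresh.refreshToken);
          return fresh.token;
        })
        .catch((err) => {
          // Failed refresh: drop every stored credential, as the notes describe.
          for (const k of ["token", "idToken", "accessToken", "refreshToken"]) this.store.delete(k);
          throw err;
        })
        .finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }
}
```

Callers that arrive while `inFlight` is set await the same promise, so the refresh token is presented to the server once per expiry rather than once per caller.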