This repository has been archived by the owner on Feb 16, 2018. It is now read-only.
tonyeung edited this page Feb 16, 2016 · 4 revisions

OidcTokenManager

The OidcTokenManager is a JavaScript library intended to run in browsers and possibly Cordova-style applications. It provides management functions for tokens returned from the OIDC protocol. It includes the OidcClient library for the protocol-level work, so that library does not need to be included separately.

Configuration

The OidcTokenManager constructor requires a settings object as a parameter. The settings object has these properties:

  • Required Settings
      • authority (string)
      • client_id (string): The OIDC/OAuth2 client identifier.
      • redirect_uri (string): The OIDC/OAuth2 redirect URI.
      • response_type (string, default: 'id_token token')
      • scope (string)

  • Optional OIDC Authorization Request Settings
      • prompt
      • display
      • max_age
      • ui_locales
      • login_hint
      • acr_values

  • Other Optional Settings
      • post_logout_redirect_uri (string): The OIDC/OAuth2 post-logout redirect URI.
      • filter_protocol_claims (boolean, default: true): Whether OIDC protocol claims should be removed from profile.
      • load_user_profile (boolean, default: true): Whether additional identity data should be loaded from the userinfo_endpoint to populate profile.
      • persist (boolean, default: true): Whether the tokens should be persisted in the store.
      • store (Storage, default: window.localStorage): Storage for properties (see below).
      • persistKey (string, default: TokenManager.token): Key used for store.
      • request_state_store (Storage, default: window.localStorage): Location to store OIDC request state. Changing this is not recommended, as some versions of IE don't allow sessionStorage to survive cross-origin redirects. NOTE: Pass in the object sessionStorage rather than the string 'sessionStorage'.
      • request_state_key (string, default: 'OidcClient.request_state'): Key used for request_state_store.
      • silent_redirect_uri (string)
      • silent_renew (boolean, default: false)
      • metadata (object): Can be assigned to prevent dynamic loading of the metadata.
      • authorization_endpoint (string): Can be assigned to prevent dynamic loading of the authorization_endpoint from the metadata.
      • jwks_uri (string): Can be assigned to prevent dynamic loading of the jwks_uri from the metadata.
      • jwks (object): Can be assigned to prevent dynamic loading of the signing keys from the jwks_uri.
      • userinfo_endpoint (string): Can be assigned to prevent dynamic loading of the userinfo_endpoint from the metadata.
      • end_session_endpoint (string): Can be assigned to prevent dynamic loading of the end_session_endpoint from the metadata.
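
The settings list above can be checked before the object is handed to the constructor. This is an added example, not code from the OidcTokenManager project: `auditSettings`, `memoryStore` and the sample values are hypothetical, and the check only covers what this page documents (required settings, Storage-typed settings, and the persist/store defaults).

```javascript
// Added example: audits a settings object against the properties documented above.
// It never loads or calls OidcTokenManager; auditSettings is a hypothetical helper.
const REQUIRED = ['authority', 'client_id', 'redirect_uri', 'response_type', 'scope'];
const DEFAULTS = { response_type: 'id_token token', persist: true };
const STORAGE_SETTINGS = ['store', 'request_state_store'];
const STORAGE_METHODS = ['getItem', 'setItem', 'removeItem']; // Web Storage interface

function effective(settings, name) {
  return settings[name] !== undefined ? settings[name] : DEFAULTS[name];
}

function auditSettings(settings) {
  const findings = [];
  const report = (level, setting, message) => findings.push({ level, setting, message });

  for (const name of REQUIRED) {
    const value = effective(settings, name);
    if (typeof value !== 'string' || value.trim() === '') {
      report('error', name, 'required setting is missing or not a non-empty string');
    }
  }
  for (const name of STORAGE_SETTINGS) {
    const value = settings[name];
    if (value === undefined) continue; // documented default applies
    if (typeof value === 'string') {
      report('error', name, 'pass the Storage object itself, not its name as a string');
    } else if (value === null || !STORAGE_METHODS.every((m) => typeof value[m] === 'function')) {
      report('error', name, 'value does not implement getItem/setItem/removeItem');
    }
  }
  // persist defaults to true and store defaults to window.localStorage, so an
  // untouched configuration keeps tokens in localStorage across browser sessions.
  if (effective(settings, 'persist') === true && settings.store === undefined) {
    report('warn', 'store', 'tokens will be persisted in the default window.localStorage');
  }
  return findings;
}

// Constructed sample input (not from the page): an in-memory Storage stand-in
// and a settings object that repeats the 'sessionStorage' string mistake.
const memoryStore = { getItem() { return null; }, setItem() {}, removeItem() {} };
const sample = {
  authority: 'https://idp.example.test',
  client_id: 'spa-client',
  redirect_uri: 'https://app.example.test/callback',
  request_state_store: 'sessionStorage',
};
console.log(auditSettings(sample));
```
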

APIs

  • redirectForToken
  • processTokenCallbackAsync
  • redirectForLogout
  • removeToken
  • processTokenCallbackSilent
  • renewTokenSilentAsync

Properties

  • id_token
  • profile
  • access_token
  • expired
  • expires_at
  • expires_in
  • scopes
  • session_state
  • oidcClient

Events

  • OnTokenObtained
  • OnSilentTokenRenewFailed
  • OnTokenExpiring
  • OnTokenExpired
  • OnTokenRemoved