createOAuth2AuthorizationUrl()#
Creates a new authorization url for OAuth 2.0 authorization code grant with a state. Use createOAuth2AuthorizationUrlWithPKCE() for creating urls with PKCE code challenge.
const createOAuth2AuthorizationUrl: (
url: string | URL,
options: {
clientId: string;
scope: string[];
redirectUri?: string;
}
) => Promise<readonly [authorizationUrl: URL, state: string]>;
Parameters#
| name | type | description |
|---|
url | string | URL | Authorization url base |
options.clientId | string | client_id |
options.scope | string[] | A list of values for scope |
redirectUri | string | redirect_uri |
Returns#
| name | type | description |
|---|
authorizationUrl | URL | Authorization url |
state | string | Generated state |
createOAuth2AuthorizationUrlWithPKCE()#
Creates a new authorization url for OAuth 2.0 authorization code grant with a state and PKCE code challenge.
const createOAuth2AuthorizationUrlWithPKCE: (
url: string | URL,
options: {
clientId: string;
scope: string[];
codeChallengeMethod: "S256";
redirectUri?: string;
}
) => Promise<
readonly [authorizationUrl: URL, codeVerifier: string, state: string]
>;
Parameters#
| name | type | description |
|---|
url | string | URL | Authorization url base |
options.clientId | string | client_id |
options.scope | string[] | A list of values for scope |
options.codeChallengeMethod | "S256" | Code challenge method |
redirectUri | string | redirect_uri |
Returns#
| name | type | description |
|---|
authorizationUrl | URL | Authorization url |
codeVerifier | string | Generated code verifier |
state | string | Generated state |
decodeIdToken()#
Decodes the OpenID Connect Id Token and returns the claims. Does NOT validate the JWT. Throws SyntaxError if provided id token is invalid or malformed.
const decodeIdToken: <_Claims extends {}>(
idToken: string
) => {
iss: string;
aud: string;
exp: number;
} & _Claims;
Parameters#
Generics#
| name | extends | description |
|---|
_Claims | {} | JWT payload claims |
Returns#
JWT payload.
OAuthRequestError#
class. See OAuthRequestError.
providerUserAuth()#
Creates a new ProviderUserAuth instance.
const providerUserAuth: (
auth: Auth,
providerId: string,
providerUserId: string
) => ProviderUserAuth;
Parameters#
| name | type | description |
|---|
auth | Auth | Lucia instance |
providerId | string | Key provider id |
providerUserId | string | Key provider user id |
Returns#
validateOAuth2AuthorizationCode()#
Validates OAuth 2.0 authorization code by sending a request to the provided url. Returns the JSON-parsed response body.
const validateOAuth2AuthorizationCode: <_ResponseBody extends {}>(
authorizationCode: string,
url: string | URL,
options: {
clientId: string;
redirectUri?: string;
codeVerifier?: string;
clientPassword?: {
clientSecret: string;
authenticateWith: "client_secret" | "http_basic_auth";
};
}
) => Promise<_ResponseBody>;
Parameters#
| name | type | description |
|---|
authorizationCode | string | Authorization code |
url | URL | string | Access token endpoint |
options.redirectUri | string | redirect_uri |
options.codeVerifier | string | code_verifier |
options.clientPassword | | |
options.clientPassword.clientSecret | string | Client secret |
options.clientPassword.authenticateWith | AuthenticateWithOptions | See below |
Generics#
| name | extends | description |
|---|
_ResponseBody | {} | Response body of the access token request |
AuthenticateWithOptions#
| value | description |
|---|
"client_secret" | Send the client secret inside request body as client_secret |
"http_basic_auth" | Send the client secret with the client id with HTTP Basic authentication scheme |
