@lucia-auth/oauth

createOAuth2AuthorizationUrl()#

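Creates a new authorization URL for the OAuth 2.0 authorization code grant, together with a generated state. The caller is expected to store the returned state and compare it with the state parameter received on the callback. Use createOAuth2AuthorizationUrlWithPKCE() to create URLs that also carry a PKCE code challenge.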

/**
 * Builds the authorization URL for an OAuth 2.0 authorization code grant and
 * generates a `state` value alongside it.
 *
 * Resolves to the tuple `[authorizationUrl, state]`.
 *
 * NOTE(review): nothing in this signature stores or checks the state, so the
 * caller presumably has to persist it (for example in a cookie or server-side
 * session) and compare it with the `state` query parameter on the callback
 * before exchanging the code. That comparison is what binds the callback to
 * the browser that started the flow; confirm against the provider guide.
 *
 * No PKCE code challenge is produced here; use
 * createOAuth2AuthorizationUrlWithPKCE() when one is needed.
 */
const createOAuth2AuthorizationUrl: (
	// Authorization URL base.
	url: string | URL,
	options: {
		// client_id
		clientId: string;
		// List of values for scope.
		scope: string[];
		// Optional redirect_uri.
		redirectUri?: string;
	}
) => Promise<readonly [authorizationUrl: URL, state: string]>;
Parameters#
| name | type | description |
| --- | --- | --- |
| url | `string \| URL` | Authorization url base |
| options.clientId | `string` | client_id |
| options.scope | `string[]` | A list of values for scope |
| options.redirectUri | `string` | redirect_uri |
Returns#
| name | type | description |
| --- | --- | --- |
| authorizationUrl | `URL` | Authorization url |
| state | `string` | Generated state |

createOAuth2AuthorizationUrlWithPKCE()#

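Creates a new authorization URL for the OAuth 2.0 authorization code grant, together with a generated state and a PKCE code challenge. Keep the returned code verifier on the server side and pass it as options.codeVerifier to validateOAuth2AuthorizationCode().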

/**
 * Builds the authorization URL for an OAuth 2.0 authorization code grant with
 * both a generated `state` and a PKCE code challenge.
 *
 * Resolves to the tuple `[authorizationUrl, codeVerifier, state]`.
 *
 * The code verifier is the secret half of the PKCE pair: it is returned to the
 * caller so it can later be passed as `options.codeVerifier` to
 * validateOAuth2AuthorizationCode(). Keep it server-side (session or HttpOnly
 * cookie) and never place it in a URL or in client-readable storage.
 *
 * NOTE(review): as with the non-PKCE variant, the state is only generated
 * here; the caller presumably stores it and compares it on the callback.
 */
const createOAuth2AuthorizationUrlWithPKCE: (
	// Authorization URL base.
	url: string | URL,
	options: {
		// client_id
		clientId: string;
		// List of values for scope.
		scope: string[];
		// Code challenge method; "S256" is the only value the type accepts.
		codeChallengeMethod: "S256";
		// Optional redirect_uri.
		redirectUri?: string;
	}
) => Promise<
	readonly [authorizationUrl: URL, codeVerifier: string, state: string]
>;
Parameters#
| name | type | description |
| --- | --- | --- |
| url | `string \| URL` | Authorization url base |
| options.clientId | `string` | client_id |
| options.scope | `string[]` | A list of values for scope |
| options.codeChallengeMethod | `"S256"` | Code challenge method |
| options.redirectUri | `string` | redirect_uri |
Returns#
| name | type | description |
| --- | --- | --- |
| authorizationUrl | `URL` | Authorization url |
| codeVerifier | `string` | Generated code verifier |
| state | `string` | Generated state |

decodeIdToken()#

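Decodes the OpenID Connect ID Token and returns the claims. Does NOT validate the JWT: it neither verifies the signature nor checks claims such as iss, aud and exp, so use it only on a token received directly from the provider's token endpoint, or verify the token first. Throws SyntaxError if the provided ID token is invalid or malformed.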

/**
 * Decodes an OpenID Connect ID token and returns its payload claims, typed as
 * `{ iss, aud, exp } & _Claims`.
 *
 * SECURITY: the token is decoded only, NOT validated. Treat the signature and
 * the `iss`, `aud` and `exp` values as unchecked. Claims from a token that
 * arrived through the browser or any other untrusted channel must be verified
 * with a JWT library (signature against the provider's keys, issuer, audience,
 * expiry) before they are used for an authentication decision.
 *
 * `_Claims` is a compile-time annotation supplied by the caller; nothing in
 * this signature indicates that the payload is checked against it at runtime.
 *
 * @throws SyntaxError if the provided ID token is invalid or malformed.
 */
const decodeIdToken: <_Claims extends {}>(
	idToken: string
) => {
	iss: string;
	aud: string;
	exp: number;
} & _Claims;
Parameters#
| name | type |
| --- | --- |
| idToken | `string` |
Generics#
| name | extends | description |
| --- | --- | --- |
| _Claims | `{}` | JWT payload claims |
Returns#

JWT payload.

OAuthRequestError#

A class. See the OAuthRequestError reference.

providerUserAuth()#

Creates a new ProviderUserAuth instance.

/**
 * Creates a new ProviderUserAuth instance for one provider account.
 *
 * NOTE(review): this page does not show how the two ids are used afterwards.
 * They presumably identify a Lucia key, in which case `providerUserId` should
 * be the provider's own stable user id taken from a response obtained after a
 * successful code exchange, not a value supplied by the client — confirm.
 */
const providerUserAuth: (
	// Lucia instance.
	auth: Auth,
	// Key provider id.
	providerId: string,
	// Key provider user id.
	providerUserId: string
) => ProviderUserAuth;
Parameters#
| name | type | description |
| --- | --- | --- |
| auth | `Auth` | Lucia instance |
| providerId | `string` | Key provider id |
| providerUserId | `string` | Key provider user id |
Returns#

validateOAuth2AuthorizationCode()#

Validates OAuth 2.0 authorization code by sending a request to the provided url. Returns the JSON-parsed response body.

/**
 * Validates an OAuth 2.0 authorization code by sending a request to the given
 * access token endpoint, and resolves to the JSON-parsed response body.
 *
 * The authorization code, and the client secret when `clientPassword` is set,
 * are sent to `url`, so it should be the provider's fixed HTTPS token endpoint
 * and never a value derived from request input.
 *
 * `_ResponseBody` is a compile-time annotation supplied by the caller; nothing
 * in this signature indicates that the response is checked against it at
 * runtime, so validate the fields you rely on.
 *
 * NOTE(review): the page lists OAuthRequestError but does not say when it is
 * thrown; presumably a failed token request surfaces as that error — confirm.
 */
const validateOAuth2AuthorizationCode: <_ResponseBody extends {}>(
	// Authorization code received on the callback.
	authorizationCode: string,
	// Access token endpoint.
	url: string | URL,
	options: {
		clientId: string;
		// Optional redirect_uri.
		redirectUri?: string;
		// Optional code_verifier, as returned by
		// createOAuth2AuthorizationUrlWithPKCE().
		codeVerifier?: string;
		clientPassword?: {
			// Client secret; a server-side credential.
			clientSecret: string;
			// "client_secret": send the secret inside the request body as
			// client_secret. "http_basic_auth": send the secret with the client
			// id using the HTTP Basic authentication scheme.
			authenticateWith: "client_secret" | "http_basic_auth";
		};
	}
) => Promise<_ResponseBody>;
Parameters#
| name | type | description |
| --- | --- | --- |
| authorizationCode | `string` | Authorization code |
| url | `URL \| string` | Access token endpoint |
| options.clientId | `string` | client_id |
| options.redirectUri | `string` | redirect_uri |
| options.codeVerifier | `string` | code_verifier |
| options.clientPassword | | |
| options.clientPassword.clientSecret | `string` | Client secret |
| options.clientPassword.authenticateWith | `AuthenticateWithOptions` | See below |
Generics#
| name | extends | description |
| --- | --- | --- |
| _ResponseBody | `{}` | Response body of the access token request |
AuthenticateWithOptions#
| value | description |
| --- | --- |
| `"client_secret"` | Send the client secret inside request body as client_secret |
| `"http_basic_auth"` | Send the client secret with the client id with HTTP Basic authentication scheme |