oidc-client-ts
OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Top Related Projects
OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
Open Source Identity and Access Management For Modern Applications and Services
Quick Overview
oidc-client-ts is a TypeScript library for implementing OpenID Connect (OIDC) and OAuth2 authentication in browser-based applications. It provides a robust set of tools for managing the authentication flow, handling tokens, and interacting with OIDC providers.
Pros
- Strong TypeScript support with type definitions included
- Comprehensive implementation of OIDC and OAuth2 protocols
- Supports various authentication flows, including implicit and authorization code
- Active maintenance and community support
Cons
- Limited to browser-based applications
- Learning curve for developers new to OIDC concepts
- Requires careful configuration to ensure security best practices
Code Examples
- Creating a UserManager instance:
import { UserManager, UserManagerSettings } from "oidc-client-ts";
const settings: UserManagerSettings = {
authority: "https://your-oidc-provider.com",
client_id: "your-client-id",
redirect_uri: "https://your-app.com/callback",
response_type: "code",
scope: "openid profile email"
};
const userManager = new UserManager(settings);
- Initiating the login process:
userManager.signinRedirect().catch(error => {
console.error("Signin error:", error);
});
- Handling the callback after authentication:
userManager.signinRedirectCallback().then(user => {
console.log("User logged in:", user);
}).catch(error => {
console.error("Signin callback error:", error);
});
- Checking if the user is logged in:
userManager.getUser().then(user => {
if (user) {
console.log("User is logged in");
} else {
console.log("User is not logged in");
}
});
Getting Started
-
Install the library:
npm install oidc-client-ts -
Create a configuration file (e.g.,
oidc-config.ts):import { UserManagerSettings } from "oidc-client-ts"; export const oidcSettings: UserManagerSettings = { authority: "https://your-oidc-provider.com", client_id: "your-client-id", redirect_uri: "https://your-app.com/callback", response_type: "code", scope: "openid profile email" }; -
Initialize the UserManager in your main application file:
import { UserManager } from "oidc-client-ts"; import { oidcSettings } from "./oidc-config"; const userManager = new UserManager(oidcSettings); // Use userManager to handle authentication flows -
Implement login, logout, and callback handling in your application using the UserManager methods demonstrated in the code examples above.
Competitor Comparisons
OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
Pros of openid-client
- More comprehensive OpenID Connect support, including advanced features like dynamic client registration
- Better performance due to optimized code and fewer dependencies
- Actively maintained with frequent updates and bug fixes
Cons of openid-client
- Steeper learning curve, especially for developers new to OpenID Connect
- Less beginner-friendly documentation compared to oidc-client-ts
- May require more configuration for basic use cases
Code Comparison
oidc-client-ts:
const userManager = new UserManager(settings);
const user = await userManager.signinRedirect();
openid-client:
const client = new Issuer(discoveryUrl).Client(clientMetadata);
const authorizationUrl = client.authorizationUrl(parameters);
Both libraries provide similar functionality, but openid-client offers more granular control over the OpenID Connect flow. oidc-client-ts abstracts away some of the complexity, making it easier for beginners to get started quickly.
While openid-client provides more advanced features and better performance, oidc-client-ts may be more suitable for simpler projects or developers who prefer a higher-level abstraction. The choice between the two depends on the specific requirements of your project and your team's expertise in OpenID Connect.
OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Pros of oidc-client-js
- More mature and widely adopted in the community
- Extensive documentation and examples available
- Broader browser compatibility, including older versions
Cons of oidc-client-js
- Larger bundle size due to broader compatibility
- Less frequent updates and maintenance
- Written in JavaScript, which may lack some TypeScript benefits
Code Comparison
oidc-client-js:
var settings = {
authority: 'https://demo.identityserver.io/',
client_id: 'js',
redirect_uri: 'https://myapp.com/callback.html',
response_type: 'code',
scope: 'openid profile api'
};
var mgr = new Oidc.UserManager(settings);
oidc-client-ts:
const settings: UserManagerSettings = {
authority: 'https://demo.identityserver.io/',
client_id: 'js',
redirect_uri: 'https://myapp.com/callback.html',
response_type: 'code',
scope: 'openid profile api'
};
const mgr = new UserManager(settings);
The code structure is similar, but oidc-client-ts benefits from TypeScript's static typing, providing better IDE support and catching potential errors during development. oidc-client-ts also offers more modern JavaScript features and improved tree-shaking capabilities, resulting in potentially smaller bundle sizes for modern applications.
npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
Pros of angular-auth-oidc-client
- Specifically designed for Angular applications, providing seamless integration
- Offers more Angular-specific features and utilities
- Actively maintained with frequent updates and community support
Cons of angular-auth-oidc-client
- Limited to Angular framework, less versatile for other JavaScript/TypeScript projects
- May have a steeper learning curve for developers not familiar with Angular
Code Comparison
oidc-client-ts:
const userManager = new UserManager(settings);
const user = await userManager.signinRedirect();
angular-auth-oidc-client:
@Component({...})
export class AppComponent {
constructor(private oidcSecurityService: OidcSecurityService) {}
login() {
this.oidcSecurityService.authorize();
}
}
The code snippets demonstrate the difference in usage between the two libraries. oidc-client-ts uses a more generic approach, while angular-auth-oidc-client is tightly integrated with Angular's dependency injection and component structure.
Both libraries provide OIDC authentication capabilities, but angular-auth-oidc-client is tailored for Angular applications, offering a more opinionated and framework-specific solution. oidc-client-ts, on the other hand, is more flexible and can be used in various JavaScript/TypeScript environments.
OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
Pros of IdentityServer4
- Comprehensive identity and access management solution for .NET applications
- Supports various OAuth 2.0 and OpenID Connect flows out of the box
- Extensive documentation and community support
Cons of IdentityServer4
- Primarily designed for server-side implementation, not client-side
- Steeper learning curve due to its extensive feature set
- Requires more setup and configuration compared to client-side libraries
Code Comparison
IdentityServer4 (server-side configuration):
services.AddIdentityServer()
.AddInMemoryClients(Config.Clients)
.AddInMemoryIdentityResources(Config.IdentityResources)
.AddInMemoryApiResources(Config.ApiResources)
.AddInMemoryApiScopes(Config.ApiScopes)
.AddTestUsers(Config.Users);
oidc-client-ts (client-side usage):
import { UserManager } from "oidc-client-ts";
const userManager = new UserManager({
authority: "https://example.com",
client_id: "client_id",
redirect_uri: "https://app.example.com/callback"
});
userManager.signinRedirect();
IdentityServer4 is a full-featured identity server implementation, while oidc-client-ts is a lightweight client-side library for OpenID Connect authentication. IdentityServer4 offers more control and customization but requires more setup, whereas oidc-client-ts provides a simpler solution for client-side authentication in JavaScript/TypeScript applications.
Open Source Identity and Access Management For Modern Applications and Services
Pros of Keycloak
- Comprehensive identity and access management solution
- Supports various authentication protocols (OIDC, SAML, etc.)
- Offers a complete server-side implementation with user management
Cons of Keycloak
- Heavier and more complex to set up compared to oidc-client-ts
- Requires more resources to run and maintain
- May be overkill for simple OIDC client needs
Code Comparison
oidc-client-ts (TypeScript):
import { UserManager } from "oidc-client-ts";
const userManager = new UserManager({
authority: "https://example.com",
client_id: "client_id",
redirect_uri: "https://app.example.com/callback"
});
userManager.signinRedirect();
Keycloak (JavaScript):
import Keycloak from "keycloak-js";
const keycloak = new Keycloak({
url: "https://example.com/auth",
realm: "myrealm",
clientId: "client_id"
});
keycloak.init({ onLoad: "login-required" });
While oidc-client-ts focuses on OIDC client-side implementation, Keycloak provides a full-fledged identity solution. oidc-client-ts is lighter and easier to integrate for simple OIDC needs, whereas Keycloak offers more features but requires more setup and resources. The code examples show the initialization process for both libraries, highlighting their different approaches to authentication.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
oidc-client-ts
Library to provide OpenID Connect (OIDC) and OAuth2 protocol support for client-side, browser-based JavaScript client applications. Also included is support for user session and access token management.
This project is a fork of
IdentityModel/oidc-client-js
which halted its development in June 2021. It has since been ported to
TypeScript here with a similar API for the initial 2.0 release. Going forward,
this library will focus only on protocols that continue to have support in
OAuth 2.1. As such, the implicit grant is not
supported by this client. Additional migration notes from oidc-client are
available here.
Contributions and help are greatly appreciated!
Implements the following OAuth 2.0 protocols and supports OpenID Connect Core 1.0:
- Authorization Code Grant with Proof Key for Code Exchange (PKCE)
- Authorization Code Grant
- Resource Owner Password Credentials (ROPC) Grant
- Refresh Token Grant
- Silent Refresh Token in iframe Flow
Table of Contents
Installation
Using npm
$ npm install oidc-client-ts --save
Building the Source
$ git clone https://github.com/authts/oidc-client-ts.git
$ cd oidc-client-ts
$ npm install
$ npm run build
Running the Sample
Parcel project
$ cd samples/Parcel
$ npm install
$ npm run start
and then browse to http://localhost:1234.
Angular app
can be found here.
Running the Tests
$ npm test
Contributing
We appreciate feedback and contribution to this repo!
License
This project is licensed under the Apache-2.0 license. See the LICENSE file for more info.
Top Related Projects
OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
Open Source Identity and Access Management For Modern Applications and Services
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot