Documentation
    Preparing search index...

    Class ClientCredentialsProvider

    Hierarchy (View Summary)

    Index

    Constructors

    constructor

    Properties

    _openId? accessToken authorizationEndpoint? clientId clientSecret discoveryEndpoint endSessionEndpoint? scope tokenEndpoint? tokenEndpointAuthMethod? tokenLocation tokenName tokenPrefix

    Methods

    clone createTokenRequest expireToken getAccessToken getTokenEndpoint issuer openId resolve from fromEnv

    Constructors

    • Parameters

      • options: (
            { scope?: string | undefined; tokenLocation?: string | undefined; tokenName?: string | undefined; tokenPrefix?: string | undefined; clientSecret?: string | undefined; tokenEndpointAuthMethod?: "client_secret_basic" | ... 1 more ... | undefined; clientId: string; } & ({ ...; } | ... 1 more ... | { ...; })
        ) & { clientSecret: string }
      • OptionalopenId: OpenIdConfiguration

      Returns ClientCredentialsProvider

    Properties

    Protected Optional_openId

    _openId?: OpenIdConfiguration

    OpenID Provider metadata used to configure clients. Docs: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

    accessToken: AccessToken | undefined

    The access token used to verify that a user is authorized to do what they want to do

    authorizationEndpoint?: string

    The authorization endpoint is used to interact with the resource owner and obtain an authorization grant. The authorization server MUST first verify the identity of the resource owner. Source: https://www.rfc-editor.org/rfc/rfc6749#section-3.1

    clientId: string

    The client identifier issued to the client during the registration process.

    Source: https://www.rfc-editor.org/rfc/rfc6749#section-2.2

    clientSecret: string

    The client secret that authenticates the client using the client credentials grant flow.

    discoveryEndpoint: string | undefined

    A fully qualified URL for the OpenId Provider Metadata.

    Source: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

    endSessionEndpoint?: string

    URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. This URL MUST use the https scheme and MAY contain port, path, and query parameter components. SOURCE: https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OPMetadata

    scope: string | undefined

    The scope to request during the authorization flow. As defined per the OAuth Specification: "...a list of space-delimited, case-sensitive strings. The strings are defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope." Source: https://www.rfc-editor.org/rfc/rfc6749#section-3.3.

    tokenEndpoint?: string

    The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (deprecated) since an access token is issued directly. Source: https://www.rfc-editor.org/rfc/rfc6749#section-3.2

    tokenEndpointAuthMethod?: TokenEndpointAuthMethod

    Specifies the authentication method to be used at the OAuth 2.0 token endpoint.

    This property indicates how the client credentials should be transmitted when exchanging an authorization code for an access token. The value can be one of the following:

    • TOKEN_ENDPOINT_AUTH_METHOD.BASIC: Client credentials are included in the HTTP Authorization header using Basic authentication (base64 encoded clientId:clientSecret).
    • TOKEN_ENDPOINT_AUTH_METHOD.POST: Client credentials are sent as form parameters in the request body.

    If this property is undefined, the authentication method defaults to TOKEN_ENDPOINT_AUTH_METHOD.POST.

    tokenLocation: string

    The location where the token should be used.

    tokenName: string

    The name of the token location property, usually a header name or querystring key.

    tokenPrefix: string

    The token value may have a prefix, such as 'Basic' or 'Bearer'

    Methods

    • Parameters

      • options: Partial<
            (
                { scope?: string | undefined; tokenLocation?: string | undefined; tokenName?: string | undefined; tokenPrefix?: string | undefined; clientSecret?: string | undefined; tokenEndpointAuthMethod?: "client_secret_basic" | ... 1 more ... | undefined; clientId: string; } & ({ ...; } | ... 1 more ... | { ...; })
            ) & { clientSecret: string },
        > = {}

      Returns ClientCredentialsProvider

    • Creates the configuration object for an OAuth2 token request.

      This function returns a RequestInit object that can be used with the fetch API to perform a token request. It builds the request using a POST method and the application/x-www-form-urlencoded content type. Depending on the authentication method (BASIC or POST) and the grant type (AUTHORIZATION_CODE or REFRESH_TOKEN), the appropriate headers and body parameters are conditionally included.

      • When using BASIC authentication and a client secret is provided, an Authorization header is added using Base64-encoded credentials (clientId:clientSecret).
      • For POST authentication, the client secret is added to the request body.
      • The request body is constructed with mandatory and optional parameters based on the grant type:
        • For the AUTHORIZATION_CODE grant, the code is included along with optional redirect_uri and code_verifier.
        • For the REFRESH_TOKEN grant, the refresh token is included if available.

      Parameters

      Returns RequestInit

      The request configuration object, including method, headers, and body.

    • Retrieves the token endpoint URL for the OpenID provider. It first checks if the tokenEndpoint property is already set and returns it if available. If not, it retrieves the OpenID configuration via the openId() method, obtains the token endpoint from the configuration, and converts it to a string.

      Returns Promise<string>

      A promise that resolves to the token endpoint URL as a string.

    Settings

    Member Visibility

    On This Page

    Constructors
    Properties
    Methods