oidc-client-js
oidc-client-js copied to clipboard
IdentityModel
OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
error_description will be the default error message due to this change. Not sure how many users parse this error message and expect it to be 'error' and not 'error_description'. Should...
Neither the localStorage not the sessionStorage is considered safe for handling authentication tokens. If there is for instance any third party script on the website, that script would be able...
The documentation in your wiki is horribly inadequate. Maybe I'm not your target audience. I'm not familiar with the OIDC protocol, and I was handed a already started webapp which...
Related to Issue #843 This library uses `client_secret_post` which puts the `client_id` and `client_secret` in the body. You should support `client_secret_basic` where `client_id` and `client_secret` is base64 encoded in the...
Having minified sources be the "main" makes things much harder to debug. Minification should be an issue for the end client and how they want to setup webpack or similar,...
The [IETF Best Current Practice (BCP)](https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-07) draft recommends using Authorization Code flow with PKCE for Single-Page-Applications (SPA). However it impose certain [constraints](https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-07#section-8) for fixed refresh tokens maximum lifetime and recommendations...
I'm trying to clear localstorage manually: ``` const mng = new UserManager(config); mng.clearStaleState().then(() => { console.log('clearState success'); }).catch((e) => { console.log('clearStateState error', e.message); }); ``` After that i see 'clearState...
This is more of a question than an issue. I need to use a custom ResponseValidator to pick up a couple "extra" fields in the response from our oauth server....
Hi There, I need to pass Request Header for token_endpoint URL. Please let me know how I can do this? --Thanks
Minified JS makes it hard to debug. https://stackoverflow.com/questions/48673408/should-javascript-npm-packages-be-minified
Metadata
Owner
Metadata
OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications