{"id":10630,"library":"cidaas-javascript-sdk","title":"Cidaas JavaScript SDK","description":"The Cidaas JavaScript SDK provides client-side functionality for integrating web applications with the Cidaas Cloud Identity & Access Management solution. It facilitates secure authentication and authorization flows based on industry standards like OAuth 2.0 and OpenID Connect, and supports a comprehensive set of features including Single Sign-On (SSO), Multi-Factor Authentication (MFA) with over 14 methods (e.g., TOTP, FIDO2), passwordless authentication, and various social/enterprise identity providers. The SDK is built upon the `oidc-client-ts` library, abstracting its complexities for Cidaas-specific integrations, allowing developers to focus on application logic rather than intricate identity protocols. The current stable version is 5.1.4. While a precise release cadence is not explicitly stated, the presence of a detailed changelog implies active development and regular updates. Its key differentiators include extensive MFA options, robust security features for Machine-to-Machine (M2M) and IoT scenarios, and a strong emphasis on simplifying complex identity management challenges.","status":"active","version":"5.1.4","language":"javascript","source_language":"en","source_url":null,"tags":["javascript","typescript"],"install":[{"cmd":"npm install cidaas-javascript-sdk","lang":"bash","label":"npm"},{"cmd":"yarn add cidaas-javascript-sdk","lang":"bash","label":"yarn"},{"cmd":"pnpm add cidaas-javascript-sdk","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"The Cidaas SDK is built on top of this library for core OIDC/OAuth functionality.","package":"oidc-client-ts","optional":false}],"imports":[{"note":"The core class for all Cidaas SDK interactions, typically instantiated with a configuration object. The library primarily uses named exports. Avoid CommonJS `require` in modern, ESM-focused projects.","wrong":"import Cidaas from 'cidaas-javascript-sdk';\nconst Cidaas = require('cidaas-javascript-sdk');","symbol":"Cidaas","correct":"import { Cidaas } from 'cidaas-javascript-sdk';"},{"note":"TypeScript interface for configuring the Cidaas SDK, encompassing properties like `authority`, `client_id`, `redirect_uri`, and `scope`. It aligns closely with `oidc-client-ts`'s `UserManagerSettings`.","symbol":"CidaasClientSettings","correct":"import type { CidaasClientSettings } from 'cidaas-javascript-sdk';"},{"note":"Represents custom errors thrown by the Cidaas SDK, allowing for specific error handling logic. It's recommended to check `instanceof CidaasError` for robust error identification rather than relying on string comparisons.","symbol":"CidaasError","correct":"import { Cidaas, CidaasError } from 'cidaas-javascript-sdk';"}],"quickstart":{"code":"import { Cidaas } from 'cidaas-javascript-sdk';\n\n// Replace with your actual Cidaas tenant details. Ensure these match your Cidaas Admin UI configuration.\nconst cidaasConfig = {\n authority: 'https://your-cidaas-domain.com', // e.g., 'https://mytenant.cidaas.com'\n client_id: 'YOUR_CLIENT_ID', // Obtain this from Cidaas Admin UI\n redirect_uri: 'http://localhost:3000/callback', // Must be precisely registered in Cidaas\n post_logout_redirect_uri: 'http://localhost:3000/logout-callback', // Must be precisely registered in Cidaas\n scope: 'openid profile email offline_access', // Define required scopes\n response_type: 'code', // Recommended for PKCE flows\n userStore: window.sessionStorage, // Optional: default is sessionStorage, can be localStorage or InMemoryWebStorage\n automaticSilentRenew: true // Optional: default is true for token renewal\n};\n\nconst cidaas = new Cidaas(cidaasConfig);\n\nasync function handleAuthenticationFlow() {\n // Check if the current URL is a login or logout redirect callback\n if (window.location.pathname === '/callback') {\n try {\n await cidaas.handleRedirectCallback(); // Processes the token from the URL hash/query\n const user = await cidaas.getUser();\n console.log('User successfully logged in:', user); //\n // Navigate away from the callback URL to prevent re-processing\n window.history.replaceState({}, document.title, '/');\n } catch (error) {\n console.error('Error handling login callback:', error);\n }\n } else if (window.location.pathname === '/logout-callback') {\n console.log('User successfully logged out.');\n window.history.replaceState({}, document.title, '/');\n } else {\n // If not on a callback page, check current authentication status\n const user = await cidaas.getUser();\n if (!user) {\n console.log('No active user session found. Initiating login...');\n // In a real application, you might trigger this on a button click or route guard\n // cidaas.loginWithRedirect(); \n } else {\n console.log('User already authenticated:', user.profile.given_name); //\n console.log('Access Token:', user.access_token); //\n }\n }\n}\n\nasync function login() {\n try {\n await cidaas.loginWithRedirect();\n } catch (error) {\n console.error('Login initiation failed:', error);\n }\n}\n\nasync function logout() {\n try {\n await cidaas.logout();\n } catch (error) {\n console.error('Logout initiation failed:', error);\n }\n}\n\nhandleAuthenticationFlow();\n\n// Example usage (typically called from UI events):\n// document.getElementById('loginButton').addEventListener('click', login);\n// document.getElementById('logoutButton').addEventListener('click', logout);","lang":"typescript","description":"This quickstart demonstrates how to initialize the Cidaas SDK, handle both login and logout redirect callbacks, and programmatically initiate authentication and logout flows using browser redirects."},"warnings":[{"fix":"Review the official Changelog (`CHANGELOG.md`) and migration guides for your specific version upgrade path before updating the SDK.","message":"Major version updates (e.g., from v4.x to v5.x) can introduce breaking changes, often related to underlying `oidc-client-ts` library updates or changes in Cidaas API contracts. Always consult the Changelog for specific migration steps.","severity":"breaking","affected_versions":">=5.0.0"},{"fix":"Ensure `redirect_uri` and `post_logout_redirect_uri` configured in your SDK precisely match the URLs registered for your client application in the Cidaas Admin UI.","message":"Incorrectly configured `redirect_uri` or `post_logout_redirect_uri` in the SDK configuration (and in the Cidaas Admin UI) is a common source of authentication and logout failures. These must exactly match, including protocol, hostname, port, and path.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Always include `openid` in your `scope` as it's mandatory for OpenID Connect. Verify that all requested scopes are enabled and granted to your client application in the Cidaas Admin UI.","message":"The `scope` parameter defines the permissions your application requests. Requesting scopes not granted to your client in Cidaas Admin UI or omitting essential scopes like `openid` and `profile` will lead to authentication issues or missing user data.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Explicitly set `userStore: window.localStorage` in your `cidaasConfig` if you need persistent sessions across browser restarts, or understand the implications of `InMemoryWebStorage` for specific use cases.","message":"The default user store is `sessionStorage`. If you use `InMemoryWebStorage`, user sessions will not persist across browser refreshes, which can lead to unexpected logout behavior. Conversely, `localStorage` persists across browser sessions.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Migrate your project to use ES Modules with `import` statements. Ensure your build tooling (e.g., Webpack, Rollup, Parcel) is configured to handle ES Modules correctly.","message":"While CommonJS `require()` might technically work in some older environments, the Cidaas JavaScript SDK is designed for modern JavaScript environments and TypeScript, primarily leveraging ES Modules (`import`). Using `require()` can lead to module resolution issues or prevent proper tree-shaking.","severity":"deprecated","affected_versions":">=5.0.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Verify that the `redirect_uri` in your `cidaasConfig` precisely matches one of the 'Redirect URIs' (including protocol, domain, port, and path) configured for your client in the Cidaas Admin UI.","cause":"The `redirect_uri` in your SDK configuration does not exactly match any of the 'Redirect URIs' registered for your client in the Cidaas Admin UI.","error":"Error: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application."},{"fix":"Double-check the `client_id` in your `cidaasConfig` against the 'Client ID' value displayed in the Cidaas Admin UI for your application. Ensure it is copied without extra spaces or characters.","cause":"The `client_id` provided in the SDK configuration is incorrect, malformed, or has not been registered/enabled in the Cidaas system.","error":"Error: client_id is invalid or missing."},{"fix":"Ensure `authority` is correctly set to your Cidaas tenant's base URL (e.g., `https://yourtenant.cidaas.com`) in your `cidaasConfig`.","cause":"The `authority` property, representing your Cidaas instance's base URL, was not provided or was empty in the SDK configuration.","error":"Error: The 'authority' parameter is required."},{"fix":"Add your application's full base URL (including protocol and port, e.g., `http://localhost:3000`) to the 'Allowed Origins' list for your client application within the Cidaas Admin UI.","cause":"Your application's origin URL (e.g., `http://localhost:3000`) is not whitelisted in Cidaas for Cross-Origin Resource Sharing (CORS) requests to the identity provider's endpoints.","error":"Access to XMLHttpRequest at 'https://your-cidaas-domain.com/.well-known/openid-configuration' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."}],"ecosystem":"npm"}