Cidaas JavaScript SDK

5.1.4 · active · verified Sun Apr 19

The Cidaas JavaScript SDK provides client-side functionality for integrating web applications with the Cidaas Cloud Identity & Access Management solution. It facilitates secure authentication and authorization flows based on industry standards like OAuth 2.0 and OpenID Connect, and supports a comprehensive set of features including Single Sign-On (SSO), Multi-Factor Authentication (MFA) with over 14 methods (e.g., TOTP, FIDO2), passwordless authentication, and various social/enterprise identity providers. The SDK is built upon the `oidc-client-ts` library, abstracting its complexities for Cidaas-specific integrations, allowing developers to focus on application logic rather than intricate identity protocols. The current stable version is 5.1.4. While a precise release cadence is not explicitly stated, the presence of a detailed changelog implies active development and regular updates. Its key differentiators include extensive MFA options, robust security features for Machine-to-Machine (M2M) and IoT scenarios, and a strong emphasis on simplifying complex identity management challenges.

Common errors

```
Error: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application.
```
cause The `redirect_uri` in your SDK configuration does not exactly match any of the 'Redirect URIs' registered for your client in the Cidaas Admin UI.

fix Verify that the `redirect_uri` in your `cidaasConfig` precisely matches one of the 'Redirect URIs' (including protocol, domain, port, and path) configured for your client in the Cidaas Admin UI.
```
Error: client_id is invalid or missing.
```
cause The `client_id` provided in the SDK configuration is incorrect, malformed, or has not been registered/enabled in the Cidaas system.

fix Double-check the `client_id` in your `cidaasConfig` against the 'Client ID' value displayed in the Cidaas Admin UI for your application. Ensure it is copied without extra spaces or characters.
```
Error: The 'authority' parameter is required.
```
cause The `authority` property, representing your Cidaas instance's base URL, was not provided or was empty in the SDK configuration.

fix Ensure `authority` is correctly set to your Cidaas tenant's base URL (e.g., `https://yourtenant.cidaas.com`) in your `cidaasConfig`.
```
Access to XMLHttpRequest at 'https://your-cidaas-domain.com/.well-known/openid-configuration' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
```
cause Your application's origin URL (e.g., `http://localhost:3000`) is not whitelisted in Cidaas for Cross-Origin Resource Sharing (CORS) requests to the identity provider's endpoints.

fix Add your application's full base URL (including protocol and port, e.g., `http://localhost:3000`) to the 'Allowed Origins' list for your client application within the Cidaas Admin UI.

Warnings

breaking Major version updates (e.g., from v4.x to v5.x) can introduce breaking changes, often related to underlying `oidc-client-ts` library updates or changes in Cidaas API contracts. Always consult the Changelog for specific migration steps.
Fix: Review the official Changelog (`CHANGELOG.md`) and migration guides for your specific version upgrade path before updating the SDK.
gotcha Incorrectly configured `redirect_uri` or `post_logout_redirect_uri` in the SDK configuration (and in the Cidaas Admin UI) is a common source of authentication and logout failures. These must exactly match, including protocol, hostname, port, and path.
Fix: Ensure `redirect_uri` and `post_logout_redirect_uri` configured in your SDK precisely match the URLs registered for your client application in the Cidaas Admin UI.
gotcha The `scope` parameter defines the permissions your application requests. Requesting scopes not granted to your client in Cidaas Admin UI or omitting essential scopes like `openid` and `profile` will lead to authentication issues or missing user data.
Fix: Always include `openid` in your `scope` as it's mandatory for OpenID Connect. Verify that all requested scopes are enabled and granted to your client application in the Cidaas Admin UI.
gotcha The default user store is `sessionStorage`. If you use `InMemoryWebStorage`, user sessions will not persist across browser refreshes, which can lead to unexpected logout behavior. Conversely, `localStorage` persists across browser sessions.
Fix: Explicitly set `userStore: window.localStorage` in your `cidaasConfig` if you need persistent sessions across browser restarts, or understand the implications of `InMemoryWebStorage` for specific use cases.
deprecated While CommonJS `require()` might technically work in some older environments, the Cidaas JavaScript SDK is designed for modern JavaScript environments and TypeScript, primarily leveraging ES Modules (`import`). Using `require()` can lead to module resolution issues or prevent proper tree-shaking.
Fix: Migrate your project to use ES Modules with `import` statements. Ensure your build tooling (e.g., Webpack, Rollup, Parcel) is configured to handle ES Modules correctly.

Install

npm install cidaas-javascript-sdk npm
yarn add cidaas-javascript-sdk yarn
pnpm add cidaas-javascript-sdk pnpm

Imports

Cidaas
wrong:
```
import Cidaas from 'cidaas-javascript-sdk';
const Cidaas = require('cidaas-javascript-sdk');
```
correct:
```
import { Cidaas } from 'cidaas-javascript-sdk';
```
The core class for all Cidaas SDK interactions, typically instantiated with a configuration object. The library primarily uses named exports. Avoid CommonJS `require` in modern, ESM-focused projects.
CidaasClientSettings
```
import type { CidaasClientSettings } from 'cidaas-javascript-sdk';
```
TypeScript interface for configuring the Cidaas SDK, encompassing properties like `authority`, `client_id`, `redirect_uri`, and `scope`. It aligns closely with `oidc-client-ts`'s `UserManagerSettings`.
CidaasError
```
import { Cidaas, CidaasError } from 'cidaas-javascript-sdk';
```
Represents custom errors thrown by the Cidaas SDK, allowing for specific error handling logic. It's recommended to check `instanceof CidaasError` for robust error identification rather than relying on string comparisons.

Quickstart

This quickstart demonstrates how to initialize the Cidaas SDK, handle both login and logout redirect callbacks, and programmatically initiate authentication and logout flows using browser redirects.

import { Cidaas } from 'cidaas-javascript-sdk';

// Replace with your actual Cidaas tenant details. Ensure these match your Cidaas Admin UI configuration.
const cidaasConfig = {
    authority: 'https://your-cidaas-domain.com', // e.g., 'https://mytenant.cidaas.com'
    client_id: 'YOUR_CLIENT_ID', // Obtain this from Cidaas Admin UI
    redirect_uri: 'http://localhost:3000/callback', // Must be precisely registered in Cidaas
    post_logout_redirect_uri: 'http://localhost:3000/logout-callback', // Must be precisely registered in Cidaas
    scope: 'openid profile email offline_access', // Define required scopes
    response_type: 'code', // Recommended for PKCE flows
    userStore: window.sessionStorage, // Optional: default is sessionStorage, can be localStorage or InMemoryWebStorage
    automaticSilentRenew: true // Optional: default is true for token renewal
};

const cidaas = new Cidaas(cidaasConfig);

async function handleAuthenticationFlow() {
    // Check if the current URL is a login or logout redirect callback
    if (window.location.pathname === '/callback') {
        try {
            await cidaas.handleRedirectCallback(); // Processes the token from the URL hash/query
            const user = await cidaas.getUser();
            console.log('User successfully logged in:', user); //
            // Navigate away from the callback URL to prevent re-processing
            window.history.replaceState({}, document.title, '/');
        } catch (error) {
            console.error('Error handling login callback:', error);
        }
    } else if (window.location.pathname === '/logout-callback') {
        console.log('User successfully logged out.');
        window.history.replaceState({}, document.title, '/');
    } else {
        // If not on a callback page, check current authentication status
        const user = await cidaas.getUser();
        if (!user) {
            console.log('No active user session found. Initiating login...');
            // In a real application, you might trigger this on a button click or route guard
            // cidaas.loginWithRedirect(); 
        } else {
            console.log('User already authenticated:', user.profile.given_name); //
            console.log('Access Token:', user.access_token); //
        }
    }
}

async function login() {
    try {
        await cidaas.loginWithRedirect();
    } catch (error) {
        console.error('Login initiation failed:', error);
    }
}

async function logout() {
    try {
        await cidaas.logout();
    } catch (error) {
        console.error('Logout initiation failed:', error);
    }
}

handleAuthenticationFlow();

// Example usage (typically called from UI events):
// document.getElementById('loginButton').addEventListener('click', login);
// document.getElementById('logoutButton').addEventListener('click', logout);

view raw JSON →