{"library":"openid-client","title":"OpenID Connect Client","description":"openid-client is an OpenID Certified JavaScript client library designed for implementing OAuth 2.0 and OpenID Connect flows. It offers a comprehensive API for common authentication and authorization patterns, including Authorization Code, Refresh Token, Device Authorization, Client-Initiated Backchannel Authentication (CIBA), and Client Credentials grants. The library also supports advanced features like Demonstrating Proof-of-Possession (DPoP), Token Introspection and Revocation, Pushed Authorization Requests (PAR), and various JWT Secured operations (JAR, JARM, UserInfo). It is built for a wide range of JavaScript runtimes, including Node.js, browsers, Deno, and Cloudflare Workers. Currently at version 6.8.3, openid-client is actively maintained with a regular release cadence, ensuring compliance with the latest protocol specifications. A key differentiator is its OpenID Certification for Basic, FAPI 1.0, and FAPI 2.0 Relying Party Conformance Profiles, guaranteeing high standards of protocol interoperability.","language":"javascript","status":"active","last_verified":"Sun Apr 19","install":{"commands":["npm install openid-client"],"cli":null},"imports":["import { discovery } from 'openid-client'","import { Client } from 'openid-client'","import { generators } from 'openid-client'","import * as openid from 'openid-client'"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import { Issuer, generators } from 'openid-client';\n\nconst main = async () => {\n  const issuerUrl = process.env.OIDC_ISSUER_URL ?? 'https://accounts.google.com';\n  const clientId = process.env.OIDC_CLIENT_ID ?? 'YOUR_CLIENT_ID';\n  const clientSecret = process.env.OIDC_CLIENT_SECRET ?? 'YOUR_CLIENT_SECRET';\n  const redirectUri = process.env.OIDC_REDIRECT_URI ?? 'http://localhost:3000/callback';\n\n  try {\n    // Discover the OpenID Provider's configuration\n    const googleIssuer = await Issuer.discover(issuerUrl);\n    console.log('Discovered issuer: %s %O', googleIssuer.issuer, googleIssuer.metadata);\n\n    // Register a new client with the issuer\n    const client = new googleIssuer.Client({\n      client_id: clientId,\n      client_secret: clientSecret,\n      redirect_uris: [redirectUri],\n      response_types: ['code'],\n    });\n\n    // Generate parameters for the authorization request\n    const code_verifier = generators.codeVerifier();\n    const code_challenge = generators.codeChallenge(code_verifier);\n    const state = generators.state();\n    const nonce = generators.nonce();\n\n    const authorizationUrl = client.authorizationUrl({\n      scope: 'openid email profile',\n      code_challenge,\n      code_challenge_method: 'S256',\n      state,\n      nonce,\n      redirect_uri: redirectUri,\n    });\n\n    console.log(`\nNavigate to this URL to start the login flow:\\n${authorizationUrl}\n`);\n\n  } catch (error) {\n    console.error('Error during OpenID Connect setup:', error);\n  }\n};\n\nmain();","lang":"typescript","description":"This quickstart demonstrates how to discover an OpenID Provider, register a client, and generate an authorization URL for the Authorization Code Flow with PKCE and OIDC.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}