Skip to content

Latest commit

 

History

History
53 lines (36 loc) · 1.22 KB

README.md

File metadata and controls

53 lines (36 loc) · 1.22 KB

pkce-spa

An authentication session manager for OpenID Connect using PKCE.

The session manager will keep the user's session permanently active until they either explicitly logout, or the authentication server denies a refresh attempt.

Features

  • Automatic token refresh
  • Cross-tab session syncronisation
  • Exposes access_token as an event listener
  • Zero dependencies

Install

$ npm install pkce-spa

Usage

import { Session } from "pkce-spa";

const session = new Session({ ...config });

session.onChange((accessToken) => {
  // Start the redirect flow if there isn't an active session
  if (accessToken === null) session.login();
});

React usage

const Token = createContext();

function TokenProvider({ children }) {
  const [token, setToken] = useState(null);
  useEffect(() => session.onChange(setToken), []); // Will clean up effect automatically

  return <Token.Provider value={token}>{children}</Token.Provider>;
}

See examples for more usage examples.

OpenID Connect provider settings

  • Must have authorization_code and refresh_token grant types enabled
  • Must have token endpoint authentication method set to none
  • Must have refresh token rotation turned on