by openid

openid /AppAuth-JS

JavaScript client SDK for communicating with OAuth 2.0 and OpenID Connect providers.

541 Stars 94 Forks Last release: Not found Apache License 2.0 83 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

AppAuth for JS

AppAuth for JavaScript is a client SDK for public clients for communicating with OAuth 2.0 and OpenID Connect providers following the best practice RFC 8252 - OAuth 2.0 for Native Apps. The library is designed for use in

Web Apps
CLI applications,
Chrome Apps
and applications that use
or similar frameworks.

It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language.

The library also supports the PKCE extension to OAuth which was created to secure authorization codes in public clients when custom URI scheme redirects are used. The library is friendly to other extensions (standard or otherwise) with the ability to handle additional parameters in all protocol requests and responses.


An example application using the library is included in the

folder and at

Auth Flow

AppAuth supports manual interaction with the Authorization Server where you need to perform your own token exchanges. This example performs a manual exchange.

Fetch Service Configuration
  .then(response => {
    log('Fetched service configuration', response);
    this.configuration = response;
    this.showMessage('Completed fetching configuration');
  .catch(error => {
    log('Something bad happened', error);
    this.showMessage(`Something bad happened ${error}`)
Make Authorization Requests
this.notifier = new AuthorizationNotifier();
// uses a redirect flow
this.authorizationHandler = new RedirectRequestHandler();
// set notifier to deliver responses
// set a listener to listen for authorization responses
this.notifier.setAuthorizationListener((request, response, error) => {
  log('Authorization request complete ', request, response, error);
  if (response) {
    this.code = response.code;
    this.showMessage(`Authorization Code ${response.code}`);

// create a request let request = new AuthorizationRequest({ client_id: clientId, redirect_uri: redirectUri, scope: scope, response_type: AuthorizationRequest.RESPONSE_TYPE_CODE, state: undefined, extras: {'prompt': 'consent', 'access_type': 'offline'} });

// make the authorization request this.authorizationHandler.performAuthorizationRequest(this.configuration, request);

Making Token Requests
this.tokenHandler = new BaseTokenRequestHandler();

let request: TokenRequest|null = null;

if (this.code) { let extras: StringMap|undefined = undefined; if (this.request && this.request.internal) { extras = {}; extras['code_verifier'] = this.request.internal['code_verifier']; } // use the code to make the token request. request = new TokenRequest({ client_id: clientId, redirect_uri: redirectUri, grant_type: GRANT_TYPE_AUTHORIZATION_CODE, code: this.code, refresh_token: undefined, extras: extras }); } else if (this.tokenResponse) { // use the token response to make a request for an access token request = new TokenRequest({ client_id: clientId, redirect_uri: redirectUri, grant_type: GRANT_TYPE_REFRESH_TOKEN, code: undefined, refresh_token: this.tokenResponse.refreshToken, extras: undefined }); }

this.tokenHandler.performTokenRequest(this.configuration, request) .then(response => { // ... do something with token response });



This client has been written with TypeScript.


  • Install the latest version of Node. NVM (Node Version Manager is highly recommended).

  • Use

    nvm install
    to install the recommended Node.js version.
  • Download the latest version of Visual Studio Code from here.

Provision Dependencies

This app uses

to provision it dependencies.
  • git clone
    library and go to the root folder of the project containing
  • npm install
    to install all the dev and project dependencies.

Thats it! You are now ready to start working on


Development Workflow

The project uses

scripts to automate development workflows. These scripts are made available via the

The following scripts are included:

  • npm run-script compile
    will compile all your TypeScript files. All compiled files go into the
  • npm run-script watch
    tsc --watch
    will compile your TypeScript files in
    mode. Recommended if you want to get continuous feedback.
  • npm run-script build-app
    generates the output
    file in the
    directory. This includes the full
    library including all its dependencies.
  • npm test
    provisions the
    test runner to run all unit tests. All tests are written using Jasmine. To DEBUG your tests, click on the
    button in the Karma test runner to look at the actual source of the tests. You can attach break points here.
  • npm run-script app
    builds the test app on a local web server. This is an end-to-end app which uses AppAuthJS and is a demonstration on how to use the library.
  • npm run-script node-app
    builds a Node.js CLI sample app. This is an end-to-end app which uses AppAuthJS in a Node.js context.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.