Interface OidcClientSettings

optional protocol param

The URL of the OIDC/OAuth2 provider

Client authentication method that is used to authenticate when using the token endpoint (default: "client_secret_post")

• "client_secret_basic": using the HTTP Basic authentication scheme
• "client_secret_post": including the client credentials in the request body

See https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication

Your client application's identifier as registered with the OIDC/OAuth2

Will disable PKCE validation, changing to true will not append to sign in request code_challenge and code_challenge_method. (default: false)

optional protocol param

DPoP enabled or disabled

An object containing additional header to be including in request.

An object containing additional query string parameters to be including in the authorization request. E.g, when using Azure AD to obtain an access token an additional resource parameter is required. extraQueryParams: {resource:"some_identifier"}

Sets the credentials for fetch requests. (default: "same-origin") Use this if you need to send cookies to the OIDC/OAuth2 provider or if you are using a proxy that requires cookies

Should optional OIDC protocol claims be removed from profile or specify the ones to be removed (default: true) When true, the following claims are removed by default: ["nbf", "jti", "auth_time", "nonce", "acr", "amr", "azp", "at_hash"] When specifying claims, the following claims are not allowed: ["sub", "iss", "aud", "exp", "iat"]

Flag to control if additional identity data is loaded from the user info endpoint in order to populate the user's profile (default: false)

optional protocol param

Indicates how objects returned from the user info endpoint as claims (e.g. address) are merged into the claims from the id token as a single object. (default: { array: "replace" })

• array: "replace": natives (string, int, float) and arrays are replaced, objects are merged as distinct objects
• array: "merge": natives (string, int, float) are replaced, arrays and objects are merged as distinct objects

Provide metadata when authority server does not allow CORS on the metadata endpoint

Can be used to seed or add additional values to the results of the discovery request

https://datatracker.ietf.org/doc/html/rfc6749#section-3.3 describes behavior when omitting scopes from sign in requests If the IDP supports default scopes, this setting will ignore the scopes property passed to the config. (Default: false)

The OIDC/OAuth2 post-logout redirect URI

optional protocol param

The redirect URI of your client application to receive a response from the OIDC/OAuth2 provider

Only scopes in this list will be passed in the token refresh request.

Defines request timeouts globally across all requests made to the authorisation server

optional protocol param

Optional protocol param The response mode used by the authority server is defined by the response_type unless explicitly specified:

• Response mode for the OAuth 2.0 response type "code" is the "query" encoding
• Response mode for the OAuth 2.0 response type "token" is the "fragment" encoding

The type of response desired from the OIDC/OAuth2 provider (default: "code")

Will check the content type header of the response of the revocation endpoint to match these passed values (default: [])

The scope being requested from the OIDC/OAuth2 provider (default: "openid")

Provide signingKeys when authority server does not allow CORS on the jwks uri

Number (in seconds) indicating the age of state entries in storage for authorize requests that are considered abandoned and thus can be cleaned up (default: 900)

Storage object used to persist interaction state (default: window.localStorage, InMemoryWebStorage iff no window). E.g. stateStore: new WebStorageStateStore({ store: window.localStorage })

optional protocol param