OAuthService manages the complete OAuth 2.1 and OIDC authentication lifecycle with automatic PKCE, state validation, nonce handling, and token refresh.
import { OAuthService } from 'authsafe-ts';
const oauthService = new OAuthService(config: OAuthConfig);

| Property | Type | Required | Description |
|---|---|---|---|
| clientId | string | Yes | OAuth client ID from AuthSafe dashboard |
| redirectUri | string | Yes | Callback URL after authentication |
| scope | string[] | No | Requested scopes. Default: ['openid', 'email', 'profile'] |
| authority | string | No | Custom authority URL (auto-detected if not provided) |
| popupRedirectUri | string | No | Callback URL for popup authentication |
| silentRedirectUri | string | No | Callback URL for silent token refresh |
| automaticSilentRenew | boolean | No | Enable automatic token renewal. Default: false |
| env | 'development' \| 'production' | No | Environment for cookie security |
// Redirect-based login
await oauthService.signinRedirect(extraQueryParams?: Record<string, string>): Promise<void>
// Popup-based login
await oauthService.signinPopup(extraQueryParams?: Record<string, string>): Promise<User>
// Process redirect callback
await oauthService.signinRedirectCallback(): Promise<User>
// Process popup callback
await oauthService.signinPopupCallback(): Promise<void>
// Silent token refresh
await oauthService.signinSilent(): Promise<User | null>
// Process silent callback
await oauthService.signinSilentCallback(url?: string): Promise<void>

// Redirect-based logout
await oauthService.signoutRedirect(options?: SignoutOptions): Promise<void>
// Popup-based logout
await oauthService.signoutPopup(options?: SignoutOptions): Promise<void>
// Local logout only
await oauthService.removeUser(): Promise<void>

// Get current user
await oauthService.getUser(): Promise<User | null>
// Initialize and restore session
await oauthService.initialize(): Promise<void>
// Refresh tokens manually
await oauthService.refreshToken(refreshToken: string): Promise<TokenResponse>
// Refresh and store tokens
await oauthService.refreshAndStoreTokens(refreshToken: string): Promise<TokenResponse>
// Fetch user profile
await oauthService.fetchUserInfo(accessToken: string): Promise<any>
// Revoke token
await oauthService.revokeToken(token: string, tokenTypeHint?: 'access_token' | 'refresh_token'): Promise<void>

// State change (any auth event)
oauthService.onStateChange(callback: () => void): void
// User loaded
oauthService.onUserLoaded(callback: (user: User) => void): void
// User unloaded
oauthService.onUserUnloaded(callback: () => void): void
// Token expiring
oauthService.onAccessTokenExpiring(callback: () => void): void
// Token expired
oauthService.onAccessTokenExpired(callback: () => void): void
// Silent renew error
oauthService.onSilentRenewError(callback: (error: Error) => void): void
// Session changed
oauthService.onUserSessionChanged(callback: () => void): void

import { OAuthService } from 'authsafe-ts';
// Usage walkthrough: configure the service, subscribe to events, restore any
// existing session, then sign in, handle the callback, and sign out.
// NOTE(review): the steps below are shown in sequence for illustration;
// presumably each one lives in a different page or handler of the app.
const oauthService = new OAuthService({
// OAuth client ID issued in the AuthSafe dashboard.
clientId: 'your-client-id',
// Callback URL the user returns to after authentication.
// NOTE(review): presumably this must match a redirect URI registered for
// the client; confirm in the AuthSafe dashboard.
redirectUri: 'https://yourapp.com/callback',
// 'offline_access' is added to the default scopes so that refresh tokens
// are available.
scope: ['openid', 'profile', 'email', 'offline_access'],
// Opt in to automatic token renewal (the documented default is false).
automaticSilentRenew: true,
// Callback URL used for silent token refresh.
silentRedirectUri: 'https://yourapp.com/silent-callback',
// Selects the environment used for cookie security; the exact cookie
// attributes this changes are not documented on this page.
env: 'production',
});
// Setup event listeners
oauthService.onUserLoaded((user) => {
// NOTE(review): user.profile presumably carries the identity claims granted
// for the scopes above; keep this log to development builds or log a
// non-identifying field instead.
console.log('User authenticated:', user.profile);
});
// Initialize on app startup to restore any existing session
await oauthService.initialize();
// Login (redirect-based)
await oauthService.signinRedirect();
// On the callback page (the page served at redirectUri): process the redirect
// and obtain the User. The library overview states that PKCE, state
// validation and nonce handling are automatic; surface a failure of this call
// as a failed sign-in rather than retrying with the same URL.
const user = await oauthService.signinRedirectCallback();
// Logout (redirect-based; removeUser() is the local-only alternative)
await oauthService.signoutRedirect();

- Call initialize() on app startup to restore sessions
- Request the offline_access scope for refresh tokens