Module

x/oauth4webapi/mod.ts

OAuth 2 / OpenID Connect for JavaScript Runtimes
Latest
import * as oauth4webapi from "https://deno.land/x/oauth4webapi@v2.10.4/mod.ts";

Variables

When configured on an interface that extends HttpRequestOptions (that is, every options parameter of a function that triggers HTTP requests), this replaces the use of global fetch. As a fetch replacement, its arguments and expected return value are the same as those of fetch.

Use this as the value of the processAuthorizationCodeOpenIDResponse expectedNonce parameter to indicate that no nonce ID Token claim value is expected, i.e. no nonce parameter value was sent with the authorization request.

Use this as the value of the validateAuthResponse expectedState parameter to indicate that no state parameter value is expected, i.e. no state parameter value was sent with the authorization request.

Use this as the value of the processAuthorizationCodeOpenIDResponse maxAge parameter to indicate that no auth_time ID Token claim value check should be performed.

DANGER ZONE

DANGER ZONE

When combined with customFetch (to use a Fetch API implementation that supports client certificates) this can be used to target FAPI 2.0 profiles that utilize Mutual-TLS for either client authentication or sender constraining. FAPI 1.0 Advanced profiles that use PAR and JARM can also be targeted.

Functions

Performs an Authorization Code grant request at the AuthorizationServer.token_endpoint (as.token_endpoint).

Calculates the PKCE code_verifier value to send with an authorization request using the S256 PKCE Code Challenge Method transformation.

Performs a Client Credentials Grant request at the AuthorizationServer.token_endpoint (as.token_endpoint).

Performs a Device Authorization Request at the AuthorizationServer.device_authorization_endpoint (as.device_authorization_endpoint).

Performs a Device Authorization Grant request at the AuthorizationServer.token_endpoint (as.token_endpoint).

Performs an authorization server metadata discovery using one of two transformation algorithms (DiscoveryRequestOptions.algorithm) applied to the issuerIdentifier argument.

Generates a CryptoKeyPair for a given JWS alg Algorithm identifier.

Generate random code_verifier value.

Generate random nonce value.

Generate random state value.

Returns ID Token claims validated during processAuthorizationCodeOpenIDResponse.

Performs an Introspection Request at the AuthorizationServer.introspection_endpoint (as.introspection_endpoint).

A helper function used to determine if a response processing function returned an OAuth2Error.

Generates a signed JWT-Secured Authorization Request (JAR).

Parses the WWW-Authenticate HTTP Header from a Response instance.

(OAuth 2.0 without OpenID Connect only) Validates Authorization Code Grant Response instance to be one coming from the AuthorizationServer.token_endpoint (as.token_endpoint).

(OpenID Connect only) Validates Authorization Code Grant Response instance to be one coming from the AuthorizationServer.token_endpoint (as.token_endpoint).

Validates Client Credentials Grant Response instance to be one coming from the AuthorizationServer.token_endpoint (as.token_endpoint).

Validates Response instance to be one coming from the AuthorizationServer.device_authorization_endpoint (as.device_authorization_endpoint).

Validates Device Authorization Grant Response instance to be one coming from the AuthorizationServer.token_endpoint (as.token_endpoint).

Validates Response instance to be one coming from the authorization server's well-known discovery endpoint.

Validates Response instance to be one coming from the AuthorizationServer.introspection_endpoint (as.introspection_endpoint).

Validates Response instance to be one coming from the AuthorizationServer.pushed_authorization_request_endpoint (as.pushed_authorization_request_endpoint).

Validates Refresh Token Grant Response instance to be one coming from the AuthorizationServer.token_endpoint (as.token_endpoint).

Validates Response instance to be one coming from the AuthorizationServer.revocation_endpoint (as.revocation_endpoint).

Validates Response instance to be one coming from the AuthorizationServer.userinfo_endpoint (as.userinfo_endpoint).

Performs a protected resource request at an arbitrary URL.

Performs a Pushed Authorization Request at the AuthorizationServer.pushed_authorization_request_endpoint (as.pushed_authorization_request_endpoint).

Performs a Refresh Token Grant request at the AuthorizationServer.token_endpoint (as.token_endpoint).

Performs a Revocation Request at the AuthorizationServer.revocation_endpoint (as.revocation_endpoint).

Performs a UserInfo Request at the AuthorizationServer.userinfo_endpoint (as.userinfo_endpoint).

Validates an OAuth 2.0 Authorization Response or Authorization Error Response message returned from the authorization server's AuthorizationServer.authorization_endpoint (as.authorization_endpoint).

Same as validateAuthResponse but for FAPI 1.0 Advanced Detached Signature authorization responses.

Validates use of JSON Web Token (JWT) OAuth 2.0 Access Tokens for a given Request as per RFC 6750, RFC 9068, and RFC 9449.

Same as validateAuthResponse but for signed JARM responses.

Interfaces

Authorization Server Metadata

Recognized Client Metadata that have an effect on the exposed functionality.

Interface to pass an asymmetric private key and, optionally, its associated JWK Key ID to be added as a kid JOSE Header Parameter.

Type Aliases

Supported Client Authentication Methods.

JSON Array

JSON Object

JSON Primitives

JSON Values

Supported JWS alg Algorithm identifiers.