pkce-spa
An authentication session manager for OpenID Connect using PKCE.
The session manager keeps the user's session permanently active until they
either explicitly log out or the authentication server denies a refresh attempt.
Features
- Automatic token refresh
- Cross-tab session synchronisation
- Exposes access_token as an event listener
- Zero dependencies
Install
$ npm install pkce-spa
Usage
import { Session } from "pkce-spa";

const session = new Session({ ...config });

session.onChange((accessToken) => {
  if (accessToken === null) session.login();
});
React usage
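import { createContext, useEffect, useState } from "react";

const Token = createContext();

function TokenProvider({ children }) {
  const [token, setToken] = useState(null);
  // Subscribe once on mount; the effect passes through whatever onChange returns.
  useEffect(() => session.onChange(setToken), []);
  return <Token.Provider value={token}>{children}</Token.Provider>;
}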
See examples for more usage examples.
OpenID Connect provider settings
- Must have authorization_code and refresh_token grant types enabled
- Must have token endpoint authentication method set to none
- Must have refresh token rotation turned on
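
The first two settings can be checked from a provider's discovery document and the client's registration metadata. The following is an added example, not part of pkce-spa: the helper name and sample values are assumptions, and the field names are the standard ones from OpenID Connect Discovery and RFC 7591. Refresh token rotation has no standard metadata field, so it is returned as a manual check.

```javascript
// Added example, not pkce-spa code. Field names follow OpenID Connect
// Discovery 1.0 and RFC 7591; checkProviderSettings is a hypothetical helper.
const REQUIRED_GRANTS = ["authorization_code", "refresh_token"];

function checkProviderSettings(discovery, client) {
  const problems = [];
  // Spec defaults apply when a provider or client omits a field.
  const serverGrants = discovery.grant_types_supported ?? ["authorization_code", "implicit"];
  const serverAuth = discovery.token_endpoint_auth_methods_supported ?? ["client_secret_basic"];
  const clientGrants = client.grant_types ?? ["authorization_code"];
  const clientAuth = client.token_endpoint_auth_method ?? "client_secret_basic";

  for (const grant of REQUIRED_GRANTS) {
    if (!serverGrants.includes(grant)) problems.push(`provider does not advertise grant type ${grant}`);
    if (!clientGrants.includes(grant)) problems.push(`client registration lacks grant type ${grant}`);
  }
  if (!serverAuth.includes("none")) {
    problems.push("provider does not advertise token endpoint auth method none");
  }
  if (clientAuth !== "none") {
    problems.push(`client token_endpoint_auth_method is ${clientAuth}, expected none`);
  }
  // Rotation has no standard metadata field, so it cannot be verified here.
  const manualChecks = ["confirm refresh token rotation is turned on for this client"];
  return { problems, manualChecks };
}

// Constructed sample metadata (not from a real provider).
const sampleDiscovery = {
  issuer: "https://idp.example",
  grant_types_supported: ["authorization_code", "refresh_token"],
  token_endpoint_auth_methods_supported: ["client_secret_basic", "none"],
};
const publicClient = {
  grant_types: ["authorization_code", "refresh_token"],
  token_endpoint_auth_method: "none",
};
// grant_types omitted on purpose: the RFC 7591 default excludes refresh_token.
const confidentialClient = { token_endpoint_auth_method: "client_secret_basic" };

console.log(checkProviderSettings(sampleDiscovery, publicClient));
console.log(checkProviderSettings(sampleDiscovery, confidentialClient));
```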