The session manager will keep the user's session permanently active until they either explicitly logout, or the authentication server denies a refresh attempt.

Features

Automatic token refresh
Cross-tab session syncronisation
Exposes access_token as an event listener
Zero dependencies

Install

$ npm install pkce-spa

Usage

import { Session } from "pkce-spa";

const session = new Session({ ...config });

session.onChange((accessToken) => {
  // Start the redirect flow if there isn't an active session
  if (accessToken === null) session.login();
});

React usage

const Token = createContext();

function TokenProvider({ children }) {
  const [token, setToken] = useState(null);
  useEffect(() => session.onChange(setToken), []); // Will clean up effect automatically

  return <Token.Provider value={token}>{children}</Token.Provider>;
}

See examples for more usage examples.

OpenID Connect provider settings

Must have authorization_code and refresh_token grant types enabled
Must have token endpoint authentication method set to none
Must have refresh token rotation turned on

FAQs

What is pkce-spa?

Is pkce-spa popular?

Is pkce-spa well maintained?

Last updated on 31 Jul 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install