authts / oidc-client-ts

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
https://authts.github.io/oidc-client-ts/
Apache License 2.0

How to refresh access_token with PKCE? #1014

Closed sasaken555 closed 1 year ago

sasaken555 commented 1 year ago

Is it possible to refresh an expired access_token with a refresh_token in code flow + PKCE in this library? As mentioned in #548, the library supports signin with PKCE.

RFC 7636 section 4.5 says "code_verifier" is a required parameter to call the token endpoint when PKCE is enabled. But TokenClient.ts does not set "code_verifier".

How do I set it, or is there any workaround?

pamapa commented 1 year ago

This library refreshes the access token by default (automaticSilentRenew, see https://github.com/authts/oidc-client-ts/blob/89733f5db534f77acac47693a57758067dea2413/src/UserManagerSettings.ts#L51-L52). You can disable that feature and do it on your own with signinSilent (see https://github.com/authts/oidc-client-ts/blob/89733f5db534f77acac47693a57758067dea2413/src/UserManager.ts#L255).

sasaken555 commented 1 year ago

automaticSilentRenew works fine in my case. Thanks!
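
An added example for the question above, not code from oidc-client-ts or from any participant in this thread: RFC 7636 section 4.5 attaches `code_verifier` to the authorization-code exchange, while the refresh grant in RFC 6749 section 6 defines no PKCE parameter, so the two token-endpoint request bodies differ as shown. The function names and parameter values are assumptions made for illustration, and the sketch runs under Node.js.

```javascript
// Added illustration; function names are hypothetical, not the library's API.
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

// RFC 7636 sections 4.1-4.2: random verifier, S256 challenge derived from it.
// The challenge goes on the authorization request; the verifier stays in the client.
function createPkcePair() {
  const codeVerifier = randomBytes(32).toString("base64url"); // 43 characters
  const codeChallenge = createHash("sha256").update(codeVerifier, "ascii").digest("base64url");
  return { codeVerifier, codeChallenge };
}

// RFC 7636 section 4.5: the verifier accompanies the one-time code exchange.
function codeExchangeBody({ clientId, redirectUri, code, codeVerifier }) {
  return new URLSearchParams({
    grant_type: "authorization_code",
    client_id: clientId,
    redirect_uri: redirectUri,
    code,
    code_verifier: codeVerifier,
  });
}

// RFC 6749 section 6: the refresh grant carries the refresh token only.
// client_id identifies the public (browser) client, which has no secret.
function refreshBody({ clientId, refreshToken }) {
  return new URLSearchParams({
    grant_type: "refresh_token",
    client_id: clientId,
    refresh_token: refreshToken,
  });
}

// RFC 7636 section 4.6: the server-side check made at the code exchange,
// comparing in constant time against the challenge stored with the code.
function verifierMatches(codeVerifier, storedChallenge) {
  const computed = Buffer.from(
    createHash("sha256").update(codeVerifier, "ascii").digest("base64url"));
  const stored = Buffer.from(storedChallenge);
  return computed.length === stored.length && timingSafeEqual(computed, stored);
}
```
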