Function: authorizationCodeGrant()

August 29, 2025 ยท View on GitHub

๐Ÿ’— Help the project

Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.


โ–ธ authorizationCodeGrant(config, currentUrl, checks?, tokenEndpointParameters?, options?): Promise<TokenEndpointResponse & TokenEndpointResponseHelpers>

This method validates the authorization response and then executes the Authorization Code Grant at the Authorization Server's token endpoint to obtain an access token. ID Token and Refresh Token are also optionally issued by the server.

Parameters

ParameterTypeDescription
configConfiguration-
currentUrlURL | RequestCurrent URL the Authorization Server provided an Authorization Response to or a Request, the Authorization Code Grant parameters are extracted from this.
checks?AuthorizationCodeGrantChecksCSRF Protection checks like PKCE, expected state, or expected nonce
tokenEndpointParameters?Record<string, string> | URLSearchParamsAdditional parameters that will be sent to the token endpoint, typically used for parameters such as resource (Resource Indicator) in cases where multiple resource indicators were requested but the authorization server only supports issuing an access token with a single audience
options?AuthorizationCodeGrantOptions-

Returns

Promise<TokenEndpointResponse & TokenEndpointResponseHelpers>

Examples

let config!: client.Configuration
let getCodeVerifierFromSession!: (...args: any) => string
let getCurrentUrl!: (...args: any) => URL

let tokens = await client.authorizationCodeGrant(
  config,
  getCurrentUrl(),
  {
    pkceCodeVerifier: getCodeVerifierFromSession(),
  },
)

Using an incoming Request instance

let config!: client.Configuration
let getCodeVerifierFromSession!: (...args: any) => string
let request!: Request

let tokens = await client.authorizationCodeGrant(config, request, {
  pkceCodeVerifier: getCodeVerifierFromSession(),
})