Function: implicitAuthentication()
August 29, 2025 ยท View on GitHub
Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.
โธ implicitAuthentication(config, currentUrl, expectedNonce, checks?): Promise<IDToken>
This method validates the authorization server's Implicit Authentication Flow Response.
Note
URL of the authorization server's JWK Set document
must be configured.
Note
Only response_type=id_token responses are supported and prior use of
useIdTokenResponseType is required.
Parameters
| Parameter | Type | Description |
|---|---|---|
config | Configuration | - |
currentUrl | URL | Request | Current URL the Authorization Server provided an Authorization Response to or a Request, the Authentication Response Parameters are extracted from this. |
expectedNonce | string | Expected value of the nonce ID Token claim. This value must match exactly. |
checks? | ImplicitAuthenticationResponseChecks | Additional optional Implicit Authentication Response checks |
Returns
ID Token Claims Set
Examples
Using an incoming Request instance
let config!: client.Configuration
let expectedNonce!: string
let request!: Request
let idTokenClaims = await client.implicitAuthentication(
config,
request,
expectedNonce,
)
When using a form_post response mode without a Request instance
let config!: client.Configuration
let expectedNonce!: string
let getCurrentUrl!: (...args: any) => URL
let getBody!: (...args: any) => Record<string, string>
let url = getCurrentUrl()
url.hash = new URLSearchParams(getBody()).toString()
let idTokenClaims = await client.implicitAuthentication(
config,
url,
expectedNonce,
)
In a browser environment
let config!: client.Configuration
let expectedNonce!: string
let getCurrentUrl!: (...args: any) => URL
let tokens = await client.implicitAuthentication(
config,
new URL(location.href),
expectedNonce,
)