Function: validateCodeIdTokenResponse()
August 29, 2025 ยท View on GitHub
Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.
โธ validateCodeIdTokenResponse(as, client, parameters, expectedNonce, expectedState?, maxAge?, options?): Promise<URLSearchParams>
Same as validateAuthResponse but for code id_token authorization responses.
Parameters
| Parameter | Type | Description |
|---|---|---|
as | AuthorizationServer | Authorization Server Metadata. |
client | Client | Client Metadata. |
parameters | URLSearchParams | Request | URL | Authorization Response parameters as URLSearchParams, instance of URL with parameters in a fragment/hash, or a form_post Request instance. |
expectedNonce | string | Expected ID Token nonce claim value. |
expectedState? | string | typeof expectNoState | Expected state parameter value. Default is expectNoState. |
maxAge? | number | typeof skipAuthTimeCheck | ID Token auth\_time claim value will be checked to be present and conform to the maxAge value. Use of this option is required if you sent a max_age parameter in an authorization request. Default is client.default\_max\_age and falls back to skipAuthTimeCheck. |
options? | ValidateSignatureOptions & JWEDecryptOptions | - |
Returns
Validated Authorization Response parameters. Authorization Error Responses are rejected using AuthorizationResponseError.