Package: auth

The auth package defines generic authentication abstractions that are usable across multiple protocols.

---

Classes

OAuth2ClientCredentials

Credentials class implementing the OAuth 2.0 Client Credentials grant. Retrieves and refreshes access tokens from a direct OAuth 2.0 token endpoint (token_url) using the Client Credentials grant.

Constructors

• OAuth2ClientCredentials (clientId : string, clientSecret : string, tokenEndpoint : string)

  Initialize the credential helper.

  clientId : string

  OAuth 2.0 client identifier

  clientSecret : string

  OAuth 2.0 client secret

  tokenEndpoint : string

  OAuth 2.0 token endpoint URL

Methods

• getToken (forceRefresh? : boolean) : RefreshTokenResponse

  Obtains a valid token for the client. If forceRefresh is set to true, a new token is fetched and cached regardless of the current token’s expiry. The cached token is returned when it does not expire in the next 5 minutes (300 seconds). Otherwise, a new one is fetched and cached.

  Implementations must be thread-safe.

  forceRefresh? : boolean

  Set to true to bypass the cache and fetch a new token (default: false). NOT RECOMMENDED. Force with caution!

RefreshTokenResponse

Parsed token data

Properties

• accessToken: string

  OAuth 2.0 token

• expiresAt: Datetime

  Token's expiration time.

OIDCDiscoveryMetadata

Parsed OIDC discovery document exposing useful endpoints.

Properties

• tokenEndpoint: string

  OAuth 2.0 token endpoint URL advertised by the provider

Functions

• fetchOIDCDiscovery (issuerUrl : string) : OIDCDiscoveryMetadata

  Retrieve and parse the OIDC discovery document for the given issuer. See: https://openid.net/specs/openid-connect-discovery-1_0.html

  issuerUrl : string

  Base URL of the OIDC issuer