Class: AuthorizationCodeFlow

An implementation of the Authorization Code Flow designed for Single Page Apps (SPAs).

There are two strategies for calling /authorize in a browser environment:

  • Redirect Model TODO
  • Silent Prompt TODO

See

Okta Documentation:

  • Authorization Code Flow: Concepts
  • Authorization Code Flow: Guide

Constructors

new AuthorizationCodeFlow()

new AuthorizationCodeFlow(options): AuthorizationCodeFlow

Parameters

options: AuthorizationCodeFlowOptions

Returns

AuthorizationCodeFlow

new AuthorizationCodeFlow()

new AuthorizationCodeFlow(client, options): AuthorizationCodeFlow

Parameters

client: OAuth2Client

options: AuthorizationCodeFlowOptions

Returns

AuthorizationCodeFlow

Properties

client

readonly client: OAuth2Client


redirectUri

readonly redirectUri: string


additionalParameters

readonly additionalParameters: Record<string, string>

Accessors

isAuthenticating

get isAuthenticating(): boolean

set isAuthenticating(isAuthenticating): void

Parameters

isAuthenticating: boolean

Returns

boolean

Methods

reset()

reset(): void

Returns

void


start()

start(meta, context?, additionalParameters?): Promise<URL>

Initiates an Authorization Code flow

Parameters

meta: TransactionMeta = {}

A map of key/value pairs to be loaded when the Authorization Server redirects back to the Web App

context?: Context

Optional. An AuthorizationCodeFlow.Context to use for the flow. One will be created if none is provided

additionalParameters?: Record<string, string> = {}

Optional. A map of URL query parameters to be added to the /authorize request

Returns

Promise<URL>

A URL instance for the Authorization Server's /authorize endpoint, with all required query parameters


resume()

resume(redirectUri?): Promise<Result>

Continues an Authorization Code flow. Used when handling the redirect back to the Web App from an Authorization Server

Parameters

redirectUri?: string

Returns

Promise<Result>

Remarks

This method is only used with the Redirect Model

Authorize Methods

PerformRedirect()

static PerformRedirect(flow): Promise<void>

Performs a full-page browser redirect to the Authorization Server /authorize endpoint. Once authentication is successful, the user will be redirected back to the provided redirectUri

Parameters

flow: AuthorizationCodeFlow

Returns

Promise<void>

Remarks

This method returns a Promise that will never fulfill; a browser redirect will occur first

See

AuthorizationCodeFlow.resume


PerformSilently()

static PerformSilently(flow): Promise<Result>

Fulfills the /authorize request within a hidden iframe and therefore does not require a redirect. This requires an existing cookie-based session with the IDP and is susceptible to third-party cookie restrictions.

Parameters

flow: AuthorizationCodeFlow

Returns

Promise<Result>

Returns a Token and the AuthorizationCodeFlow.Context used to request the token

Remarks

This approach is not recommended for most common use cases and may be deprecated in the future. Use AuthorizationCodeFlow.PerformRedirect instead

See