Skip to main content

Identity Server 4

This library supports authenticating for Identity Server 4 out of the box. Some quirks:

  1. In order to enable refresh tokens, offline_access must be passed in as a scope variable
  2. In order to revoke the access token, we must sent client id in the method body of the request. This is not part of the OAuth spec.
// Note "offline_access" scope is required to get a refresh token
const config = {
  issuer: 'https://demo.identityserver.io',
  clientId: 'native.code',
  redirectUrl: 'io.identityserver.demo:/oauthredirect',
  scopes: ['openid', 'profile', 'offline_access'],
};

// Log in to get an authentication token
const authState = await authorize(config);

// Refresh token
const refreshedState = await refresh(config, {
  refreshToken: authState.refreshToken,
});

// Revoke token, note that Identity Server expects a client id on revoke
await revoke(config, {
  tokenToRevoke: refreshedState.refreshToken,
  sendClientId: true,
});
Example server configuration
var client = new Client
{
  ClientId = "native.code",
  ClientName = "Native Client (Code with PKCE)",
  RequireClientSecret = false,
  RedirectUris = { "io.identityserver.demo:/oauthredirect" },
  AllowedGrantTypes = GrantTypes.Code,
  RequirePkce = true,
  AllowedScopes = { "openid", "profile" },
  AllowOfflineAccess = true
};