score:13

Accepted answer

Generally I recommend this library - which is probably the most respected option out there: https://github.com/identitymodel/oidc-client-js

You can set endpoints explicitly if needed if you have no discovery endpoint. However, it will depend a little on your OAuth2 provider capabilities.

See also this sample: https://github.com/skoruba/react-oidc-client-js

2021 update

There have been 2 changes in recent times that impact my previous answer, meaning the above options are no longer the optimal choice:

  • More recent browser cookies (SameSite=Strict) are considered stronger
  • Browsers drop 3rd party cookies in some parts of the SPA flow, e.g. when renewing tokens via a hidden iframe

These days the preferred solution is to involve an API in the OAuth work, to solve these problems. It is a little tricky to understand, but these resources show how, without impacting other parts of the SPA architecture:
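
As an added example (not part of the original answer or of the linked projects), here is one way an API involved in the OAuth work could keep the refresh token away from browser JavaScript: it seals the token with AES-256-GCM and returns it in a cookie marked HttpOnly, Secure and SameSite=Strict. The cookie name `__Host-rt`, the key handling and the function names are assumptions for illustration.

```javascript
// Added example: cookie helpers for an API that holds OAuth tokens on behalf of a SPA.
const crypto = require('node:crypto');

// Assumption: a 32-byte key known only to the API (generated per process for this demo;
// a real deployment would load it from a secret store so cookies survive restarts).
const COOKIE_KEY = crypto.randomBytes(32);
// Hypothetical cookie name. The __Host- prefix requires Secure, Path=/ and no Domain.
const COOKIE_NAME = '__Host-rt';

// Encrypt the refresh token and return the Set-Cookie header value for the response.
function sealTokenCookie(refreshToken, key = COOKIE_KEY) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(refreshToken, 'utf8'), cipher.final()]);
  const value = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
  // HttpOnly: page scripts cannot read it. SameSite=Strict: never sent cross-site.
  return `${COOKIE_NAME}=${value}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Recover the token from a request's Cookie header; null if absent or not authentic.
function openTokenCookie(cookieHeader, key = COOKIE_KEY) {
  const pair = (cookieHeader || '').split(';').map((s) => s.trim())
    .find((s) => s.startsWith(COOKIE_NAME + '='));
  if (!pair) return null;
  const raw = Buffer.from(pair.slice(COOKIE_NAME.length + 1), 'base64url');
  if (raw.length < 28) return null; // needs a 12-byte IV and a 16-byte tag
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString('utf8');
  } catch {
    return null; // modified in transit or sealed under a different key
  }
}
```

The API would call `sealTokenCookie` after exchanging the authorization code and `openTokenCookie` on later token-refresh requests, so the SPA itself never stores the refresh token.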

