npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@fundwave/oidc-client

v3.1.0

Published

Client for managing tokens for API Calls

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rickygargrickygargishasharmaishasharma

Keywords

Readme

OIDC Client

@fundwave/oidc-client is a lightweight client-side library that allows you to prepare headers for your network-calls by automatically refreshing tokens (if expired) with the provided OIDC server.

Installation

npm install @fundwave/oidc-client

Initialization

import { OIDCClient } from "@fundwave/oidc-client";

const oidcClient = new OIDCClient();

// Set the URL-String where token refresh requests will be sent
oidcClient.setBaseUrl("https://my-awesome-oidc-server.com");

// Set the path on the server which is responsible for the refresh
oidcClient.setRefreshPath("refresh-token");

Note: the refreshPath property defaults to token/refresh

The constructor signature is new OIDCClient(options?, sessionStorageParam?, localStorageParam?). The two storage params are optional and default to the global sessionStorage/localStorage. Inject mock storage (e.g. for SSR/Node/tests) by passing them explicitly. If only one is supplied the other resolves from globalThis, and the refresh flow is skipped when either is unavailable.

Usage

Once the class has been instantiated, you can

  • use the prepareHeaders method to get the required headers for your calls

    const headers = await oidcClient.prepareHeaders();

    prepareHeaders(headers?, tokenType?) accepts an optional tokenType (defaults to "token") selecting which session-storage key supplies the Authorization: Bearer value. Pass "accessToken" or "idToken" to use those instead.

    const headers = await oidcClient.prepareHeaders(undefined, "accessToken");

  • Optionally, directly use the getAccessToken method to refresh (if expired) and return a stored token

    await oidcClient.getAccessToken();

    getAccessToken(tokenType?) also accepts the optional tokenType (defaults to "token") and returns the value stored under that key.

    const accessToken = await oidcClient.getAccessToken("accessToken");

  • If the refresh-token call returns a 401/403 or any other error status, the library will throw an custom-event logged-out

Notes:

  • Tokens aren't refreshed every time the prepareHeaders method is called. Tokens are only refreshed when the token is about to expire.

  • If your client app makes parallel calls to the same object of oidc-client, this library will still make only one active call to your OIDC server. This will reduce network calls and avoid exceeding any rate limits with your OIDC server.

  • Tokens returned by the refresh call are stored at browser's session storage under these keys, when present:

    • token
    • idToken
    • accessToken

  • Refresh Token is maintained at browser's local storage with the key being refreshToken

  • On a failed refresh / logout, the token, idToken, accessToken (session storage) and refreshToken (local storage) keys are all cleared

  • The library will read tokens sent by your OIDC server from either the response body or headers