npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

signicat-client-ts

v1.4.0

Published

Community TypeScript client for Signicat Authentication REST API with automatic token management

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

jungminjungmin

Keywords

signicatauthenticationidentitytypescriptrest-apioauth2

Readme

Signicat REST API TypeScript Client

A community TypeScript client for the Signicat Authentication REST API with automatic token management.

📖 한국어 문서

Installation

npm install signicat-client-ts --save

Features

  • TypeScript interface for communicating with Signicat Authentication REST API
  • Axios-based HTTP client
  • Automatic access token management (issuance, caching, renewal)
  • TypeScript type definitions for type safety

Quick Start

import { SignicatClient } from "signicat-client-ts";

// Configure automatic token management (static method)
SignicatClient.configureAuth({
  clientId: "YOUR_CLIENT_ID",
  clientSecret: "YOUR_CLIENT_SECRET",
  // Optional parameters
  // tokenUrl: 'https://api.signicat.com/auth/open/connect/token', // default
  // scope: 'signicat-api', // default
  // expirationBuffer: 60 // refresh token 60 seconds before expiry (default)
});

// Create client instance
const client = new SignicatClient();

// API calls - tokens are automatically managed
async function createSession() {
  try {
    const sessionRequest = {
      flow: "redirect",
      allowedProviders: ["nbid", "sbid"],
      requestedAttributes: ["firstName", "lastName", "email", "dateOfBirth"],
      language: "en",
      callbackUrls: {
        success: "https://example.com/success",
        abort: "https://example.com/abort",
        error: "https://example.com/error",
      },
    };

    const session = await client.authenticationSession.createSession(sessionRequest);
    console.log("Session created:", session);
    return session;
  } catch (error) {
    console.error("Error creating session:", error);
    throw error;
  }
}

API Reference

SignicatClient

Automatic Token Management Configuration

// Configure automatic token management with static method
SignicatClient.configureAuth({
  clientId: string, // Signicat API client ID (required)
  clientSecret: string, // Signicat API client secret (required)
  tokenUrl: string, // Token endpoint URL (default: 'https://api.signicat.com/auth/open/connect/token')
  scope: string, // OAuth scope (default: 'signicat-api')
  expirationBuffer: number, // Token refresh time before expiry in seconds (default: 60)
});

Client Initialization Options

const client = new SignicatClient({
  BASE: string, // API base URL (default: 'https://api.signicat.com/auth/rest')
  VERSION: string, // API version (default: '1')
  WITH_CREDENTIALS: boolean, // Include credentials (default: false)
});

AuthenticationSessionService

createSession(requestBody: SessionRequestDto): Promise

Creates a new authentication session.

SessionRequestDto key properties:

  • flow: Authentication flow type ("redirect" | "embedded" | "headless")
  • requestedAttributes: Array of user attributes to request (e.g., ["firstName", "lastName", "email"])
  • callbackUrls: Callback URL configuration
    • success: Redirect URL on success
    • abort: Redirect URL on abort
    • error: Redirect URL on error
  • allowedProviders: Array of allowed authentication providers (e.g., ["nbid", "sbid", "idin"])
  • language: UI language setting (ISO 639-1 format, e.g., "en", "no", "sv")
  • sessionLifetime: Session expiry time in seconds (default: 1200 seconds)
  • externalReference: External reference ID
  • themeId: Theme ID

getSession(id: string, sessionNonce?: string): Promise

Retrieves the status of an existing session.

cancelSession(id: string): Promise

Cancels an ongoing session.

Error Handling

The client returns API errors as ApiError instances. Handle errors as follows:

import { ApiError } from "signicat-client-ts";

try {
  const session = await client.authenticationSession.createSession(sessionData);
  // Handle success
} catch (error) {
  if (error instanceof ApiError) {
    console.error("API Error:", error.status, error.message);
    // Handle error based on status code
    switch (error.status) {
      case 400:
        // Handle bad request
        break;
      case 401:
        // Handle authentication error
        break;
      case 403:
        // Handle authorization error
        break;
      case 404:
        // Handle resource not found
        break;
      case 500:
        // Handle server error
        break;
      default:
        // Handle other errors
        break;
    }
  } else {
    console.error("Unknown error:", error);
  }
}

How Automatic Token Management Works

The automatic token management feature works as follows:

  1. Call SignicatClient.configureAuth() to set client ID and secret.
  2. Access tokens are automatically retrieved on the first API request.
  3. Tokens are cached in memory and reused for subsequent requests.
  4. New tokens are automatically retrieved before expiry (default: 60 seconds before expiration).
  5. If token-related errors (401) occur, tokens are automatically renewed and requests are retried.

This approach allows users to use the API without worrying about token management.

Framework Integration Guides

Using with NestJS

Module Setup

// signicat.module.ts
import { Module } from "@nestjs/common";
import { SignicatClient } from "signicat-client-ts";

@Module({
  providers: [
    {
      provide: "SIGNICAT_CLIENT",
      useFactory: () => {
        // Configure automatic token management
        SignicatClient.configureAuth({
          clientId: process.env.SIGNICAT_CLIENT_ID,
          clientSecret: process.env.SIGNICAT_CLIENT_SECRET,
        });

        // Create client instance
        return new SignicatClient();
      },
    },
  ],
  exports: ["SIGNICAT_CLIENT"],
})
export class SignicatModule {}

Service Usage

// auth.service.ts
import { Injectable, Inject } from "@nestjs/common";
import { SignicatClient, SessionRequestDto } from "signicat-client-ts";

@Injectable()
export class AuthService {
  constructor(@Inject("SIGNICAT_CLIENT") private readonly signicatClient: SignicatClient) {}

  async createAuthenticationSession(sessionData: SessionRequestDto) {
    try {
      const session = await this.signicatClient.authenticationSession.createSession(sessionData);
      return session;
    } catch (error) {
      // Handle error
      throw error;
    }
  }

  async getSessionStatus(sessionId: string) {
    try {
      const sessionStatus = await this.signicatClient.authenticationSession.getSession(sessionId);
      return sessionStatus;
    } catch (error) {
      // Handle error
      throw error;
    }
  }

  async cancelSession(sessionId: string) {
    try {
      const result = await this.signicatClient.authenticationSession.cancelSession(sessionId);
      return result;
    } catch (error) {
      // Handle error
      throw error;
    }
  }
}

Using with React

In React applications, you can create a service class to communicate with the Signicat API.

Creating API Service

// signicatService.ts
import { SignicatClient, SessionRequestDto, SessionDataDto } from "signicat-client-ts";

// Warning: Client secrets should not be exposed in browser environments.
// In React applications, it's recommended to manage tokens through a backend.
class SignicatService {
  private client: SignicatClient;

  constructor() {
    // Do not use automatic token management directly in the client,
    // instead get tokens from your backend.
    // Use SignicatClient.configureAuth() on your backend.
    this.client = new SignicatClient();
  }

  async createSession(sessionData: SessionRequestDto): Promise<SessionDataDto> {
    try {
      return await this.client.authenticationSession.createSession(sessionData);
    } catch (error) {
      console.error("Failed to create session:", error);
      throw error;
    }
  }

  async getSession(sessionId: string): Promise<SessionDataDto> {
    try {
      return await this.client.authenticationSession.getSession(sessionId);
    } catch (error) {
      console.error("Failed to get session:", error);
      throw error;
    }
  }

  async cancelSession(sessionId: string): Promise<SessionDataDto> {
    try {
      return await this.client.authenticationSession.cancelSession(sessionId);
    } catch (error) {
      console.error("Failed to cancel session:", error);
      throw error;
    }
  }
}

// Create singleton instance
export const signicatService = new SignicatService();

Supported Authentication Providers (allowedProviders)

🎯 Type-Safe Provider Selection

The library provides TypeScript support for allowedProviders with compile-time validation and IDE auto-completion.

Basic Usage with Type Safety

import { SignicatClient, SessionRequestDto, AuthenticationProvider } from "signicat-client-ts";

// ✅ Type-safe approach (recommended)
const sessionRequest: SessionRequestDto = {
  flow: SessionRequestDto.flow.REDIRECT,
  allowedProviders: [
    AuthenticationProvider.NBID, // Norwegian BankID
    AuthenticationProvider.SK_MOBILEID, // SK Mobile-ID
    AuthenticationProvider.MITID, // Danish MitID
  ],
  requestedAttributes: ["firstName", "lastName", "email"],
  // ... other options
};

Dynamic Provider Validation

import { isValidAuthenticationProvider } from "signicat-client-ts";

// Validate user input
const userInput = ["nbid", "invalid-provider", "mitid"];
const validProviders = userInput.filter(isValidAuthenticationProvider);
// Result: ["nbid", "mitid"]

// Safe provider selection from user input
function createSessionWithUserProviders(userProviders: string[]) {
  const validProviders = userProviders.filter(isValidAuthenticationProvider);

  if (validProviders.length === 0) {
    throw new Error("No valid providers specified");
  }

  return {
    allowedProviders: validProviders,
    // ... other session options
  };
}

Supported Providers

The following authentication providers are supported:

  • ftn - Finnish Trust Network
  • nbid - Norwegian BankID
  • mojeid-pl - MojeID (Poland)
  • beid - Belgium eID
  • sk-mobileid - SK Mobile-ID (Estonia & Lithuania)
  • et-smartcard - Estonian ID Card
  • eparaksts-mobile - eParaksts Mobile (Latvia)
  • idin - iDIN (Netherlands)
  • mitid - Danish MitID
  • samleikin - Samleikin (Iceland)
  • spid - Italian SPID
  • itsme - Itsme (Belgium)

Benefits of Type-Safe Provider Selection

IDE Auto-completion: Get intelligent suggestions while typing
Compile-time Validation: Catch provider name typos before runtime
Type Safety: Ensure only valid providers are used

Example: Complete Type-Safe Session Creation

import { SignicatClient, SessionRequestDto, AuthenticationProvider } from "signicat-client-ts";

// Configure client
SignicatClient.configureAuth({
  clientId: process.env.SIGNICAT_CLIENT_ID!,
  clientSecret: process.env.SIGNICAT_CLIENT_SECRET!,
});

const client = new SignicatClient();

// Create session with type-safe providers
const session = await client.authenticationSession.createSession({
  flow: SessionRequestDto.flow.REDIRECT,
  allowedProviders: [AuthenticationProvider.NBID, AuthenticationProvider.MITID, AuthenticationProvider.IDIN],
  requestedAttributes: ["firstName", "lastName", "email", "dateOfBirth"],
  callbackUrls: {
    success: "https://yourapp.com/auth/success",
    error: "https://yourapp.com/auth/error",
    abort: "https://yourapp.com/auth/abort",
  },
  language: "en",
  sessionLifetime: 1200,
});

Note: The actual available providers may vary depending on your Signicat account configuration. For detailed information, please refer to the Signicat Developer Documentation.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

MIT

Links