npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

undici-oidc-interceptor

v0.9.0

Published

Automatically manage OIDC access tokens for Undici requests

Downloads

6,192

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mzugmmzugmivan-tymoshenkoivan-tymoshenkomarcopiraccinimarcopiraccinileorossileorossishogun_pandashogun_pandamatteo.collinamatteo.collinaqardqardlucamaraschilucamaraschisimone.sanfrasimone.sanfra

Keywords

Readme

undici-oidc-interceptor

NPM version

undici-oidc-interceptor manages an OIDC access token and transparently sets the Authorization header on any request that is going to a limited set of domains.

The token is automatically renewed after it expires. It supports both a refresh_token and client_credentials grants.

Install

npm i undici undici-oidc-interceptor

Usage with client credentials

const { Agent } = require('undici')
const { createOidcInterceptor } = require('undici-oidc-interceptor')
const dispatcher = new Agent().compose(createOidcInterceptor({
      // The paramerts for the cliend_credentials grant of OIDC
      clientId: 'FILLME',
      clientSecret: 'FILLME',
      idpTokenUrl: 'https://your-idp.com/token',

      // Set an array of status codes that the interceptor should refresh and
      // retry the request on
      retryOnStatusCodes: [401],

      // The array of urls that this interceptor will be appending `Authorization` header
      // for automatically
      urls: ['FILLME'],

      // OPTIONAL: an initial access token
      accessToken: ''
    }))

Usage with refresh token

const { Agent } = require('undici')
const { createOidcInterceptor } = require('undici-oidc-interceptor')
const dispatcher = new Agent().compose(createOidcInterceptor({
      // Provide a refresh token so the interceptor can manage the access token
      // The refresh token must include an issuer (`iss`)
      refreshToken: '',
      idpTokenUrl: 'https://your-idp.com/token',
      clientId: 'FILLME',

      // Set an array of status codes that the interceptor should refresh and
      // retry the request on
      retryOnStatusCodes: [401],

      // The array of urls that this interceptor will be appending `Authorization` header
      // for automatically
      urls: [],

      // OPTIONAL: an initial access token
      accessToken: ''
    }))

Custom authentication decision

const { Agent } = require('undici')
const { createOidcInterceptor } = require('undici-oidc-interceptor')
const dispatcher = new Agent().compose(createOidcInterceptor({
      // Provide a refresh token so the interceptor can manage the access token
      // The refresh token must include an issuer (`iss`)
      refreshToken: '',
      idpTokenUrl: 'https://your-idp.com/token',
      clientId: 'FILLME',

      // Set an array of status codes that the interceptor should refresh and
      // retry the request on
      retryOnStatusCodes: [401],

      // OPTIONAL: a callback function, if return 'true' then this interceptor will include `Authorization` header
      shouldAuthenticate: (opts) => opts.header['something'] === 'test',

      // OPTIONAL: an initial access token
      accessToken: ''
    }))

Note: shouldAuthenticate has higher priority than urls. Fallback to urls behavior when shouldAuthenticate is not provided

Per-request scope override

You can override the default scope for individual requests:

const { Agent, setGlobalDispatcher, request } = require('undici')
const { createOidcInterceptor } = require('undici-oidc-interceptor')

const agent = new Agent().compose(createOidcInterceptor({
  clientId: 'FILLME',
  clientSecret: 'FILLME',
  idpTokenUrl: 'https://your-idp.com/token',
  urls: ['https://api.example.com'],
  scope: 'read write'
}))

setGlobalDispatcher(agent)

// Uses default scope from interceptor config
await request('https://api.example.com/resource')

// Uses custom scope for this request
await request('https://api.example.com/admin', {
  oidc: { scope: 'admin' }
})

Token store

This interceptor uses the async-cache-dedupe package to cache access tokens. This improves efficiency by enabling token reuse across processes or instances and avoids unnecessary token refresh requests.

  • Default: In-memory storage.
  • Custom storage: You can provide your own backend (e.g., Redis) by supplying a compatible async-cache-dedupe configuration.

Example: Using Redis as the token store

const Redis = require('ioredis')
const { Agent } = require('undici')
const { createOidcInterceptor } = require('undici-oidc-interceptor')

const redisClient = new Redis()

const dispatcher = new Agent().compose(createOidcInterceptor({
  ...options,
  tokenStore: {
    name: 'test-cache',
    ttl: 100,
    storage: { 
      type: 'redis', 
      options: { 
        client: redisClient 
      } 
    }
  }
}))

Custom TTL

If you want to customize the TTL for tokens based on the expiresIn value from the OIDC response, you can provide a custom function.

Example:

const Redis = require('ioredis')
const { Agent } = require('undici')
const { createOidcInterceptor } = require('undici-oidc-interceptor')

const redisClient = new Redis()

const dispatcher = new Agent().compose(createOidcInterceptor({
  ...options,
  tokenStore: {
    name: 'test-cache',
    ttl: (tokenPayload) => tokenPayload.expiresIn * 80 / 100, // Sets token TTL to 80% of the OIDC expiry time
    storage: { 
      type: 'redis', 
      options: { 
        client: redisClient 
      } 
    }
  }
}))

License

MIT