OIDC utilities
Low-level OIDC helpers in `@sumx/ssr-auth-core`. Use them from client utilities or server handlers.
URL helpers (oidc-url-utils)
| Export | Description |
|---|---|
| `OIDC_QUERY_PARAMS` | Param names stripped after callback |
| `stripOidcParamsFromUrl()` | `history.replaceState` without `code`/`state` |
| `hasOidcParamsInUrl()` | Browser URL has OIDC callback params |
| `hasOidcParamsInAsPath(asPath)` | Next.js `asPath` variant |
Token refresh (oidc-token-refresh)
```typescript
import { refreshOidcTokens } from '@sumx/ssr-auth-core/oidc-token-refresh';

// Exchange the stored refresh token for a new token set.
const tokens = await refreshOidcTokens({
  authority,
  clientId,
  refreshToken,
});
```

Called from the session handler when the access token is near expiry.
ID token verification (oidc-id-token)
```typescript
import { verifyOidcIdToken } from '@sumx/ssr-auth-core/oidc-id-token';

// Resolves with the ID token's claims once validation has passed.
const claims = await verifyOidcIdToken({
  idToken,
  authority,
  clientId,
  nonce,
});
```

Validates signature, issuer, audience, and expiry before establishing a session.
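The issuer, audience, expiry and nonce checks described above, written out as an added example; it is not the package's `verifyOidcIdToken` code. It assumes the signature has already been verified and that `authority` is the expected issuer; `checkIdTokenClaims`, `nowSec` and `clockSkewSec` are hypothetical names.

```typescript
// Added example, not verifyOidcIdToken itself; assumes the signature is already verified.
type IdTokenClaims = {
  iss?: string;
  aud?: string | string[];
  azp?: string;
  exp?: number; // seconds since the Unix epoch
  nonce?: string;
};
type ClaimCheckOptions = {
  authority: string; // assumed to equal the expected issuer
  clientId: string;
  nonce: string; // value stored when the login request was sent
  nowSec?: number; // hypothetical: injectable clock for testing
  clockSkewSec?: number; // hypothetical: tolerated clock skew
};

// Returns the names of failed checks; an empty array means the claims pass.
function checkIdTokenClaims(claims: IdTokenClaims, opts: ClaimCheckOptions): string[] {
  const failures: string[] = [];
  const now = opts.nowSec ?? Math.floor(Date.now() / 1000);
  const skew = opts.clockSkewSec ?? 60;

  // Issuer must match exactly; a prefix or trailing-slash variant is rejected.
  if (claims.iss !== opts.authority) failures.push('iss');

  // aud may be a string or an array and must contain this client ID.
  const aud = claims.aud;
  const audiences: string[] = Array.isArray(aud) ? aud : aud ? [aud] : [];
  if (audiences.indexOf(opts.clientId) === -1) failures.push('aud');
  // With several audiences, azp must name this client (OIDC Core 3.1.3.7).
  if (audiences.length > 1 && claims.azp !== opts.clientId) failures.push('azp');

  // A missing or non-numeric exp fails; it never means "does not expire".
  if (typeof claims.exp !== 'number' || claims.exp + skew <= now) failures.push('exp');

  // The nonce ties the token to the login request this client started.
  if (!opts.nonce || claims.nonce !== opts.nonce) failures.push('nonce');

  return failures;
}

// Constructed sample values, not taken from a real IdP.
const sampleOpts: ClaimCheckOptions = {
  authority: 'https://idp.example.test', clientId: 'web-app', nonce: 'n-1', nowSec: 1000,
};
const sampleClaims: IdTokenClaims = {
  iss: 'https://idp.example.test', aud: 'web-app', exp: 2000, nonce: 'n-1',
};
```

Returning every failed check, rather than stopping at the first, gives the server log the full reason a token was rejected.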
Logout (oidc-logout)
| Export | Description |
|---|---|
| `buildOidcEndSessionUrl(params)` | IdP end-session URL with `id_token_hint` |
| `postAuthLogout(options)` | Server logout POST helper |
| `navigateToOidcEndSessionAfterLogout(...)` | Client redirect after local logout |
Types: `BuildOidcEndSessionUrlParams`, `AuthLogoutApiResponse`, `PostAuthLogoutOptions`.
Dev TLS (dev-tls)
```typescript
import { enableLocalDevTlsBypass } from '@sumx/ssr-auth-core/dev-tls';
```

Allows Node to call an HTTPS dev IdP that uses self-signed certs. Local dev only; do not use in production.
OIDC public config (auth-oidc-config)
```typescript
type AuthOidcPublicConfig = { authority: string; clientId: string };
type AuthOidcConfigResolver = () => AuthOidcPublicConfig;
```

Pass `getOidcConfig` into API route handlers instead of relying on `process.env` alone.
Login broadcast (login-broadcast)
```typescript
parseLoginBroadcastSubject(value: string | null): string | null
```

Parses the cross-tab login notification payload for `CheckToken`.