Okta
OAuth 2.0 provider for Okta.
Also see the OAuth 2.0 guide.
Initialization
The domain
parameter should not include the protocol or path. The authorizationServerId
parameter is optional.
import { Okta } from "arctic";
const domain = "auth.example.com";
const okta = new Okta(domain, null, clientId, clientSecret, redirectURI);
const okta = new Okta(domain, authorizationServerId, clientId, clientSecret, redirectURI);
Create authorization URL
import { generateState, generateCodeVerifier } from "arctic";
const state = generateState();
const codeVerifier = generateCodeVerifier();
const scopes = ["openid", "profile"];
const url = okta.createAuthorizationURL(state, codeVerifier, scopes);
Validate authorization code
validateAuthorizationCode()
will either return an OAuth2Tokens
, or throw one of OAuth2RequestError
, ArcticFetchError
, or a standard Error
(parse errors). Actual values returned by Okta depends on your configuration.
import { OAuth2RequestError, ArcticFetchError } from "arctic";
try {
const tokens = await okta.validateAuthorizationCode(code, codeVerifier);
const accessToken = tokens.accessToken();
const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
const refreshToken = tokens.refreshToken();
} catch (e) {
if (e instanceof OAuth2RequestError) {
// Invalid authorization code, credentials, or redirect URI
const code = e.code;
// ...
}
if (e instanceof ArcticFetchError) {
// Failed to call `fetch()`
const cause = e.cause;
// ...
}
// Parse error
}
Refresh access tokens
Use refreshAccessToken()
to get a new access token using a refresh token. Okta requires you to pass scopes when refreshing tokens. This method also returns OAuth2Tokens
and throws the same errors as validateAuthorizationCode()
import { OAuth2RequestError, ArcticFetchError } from "arctic";
try {
const tokens = await okta.refreshAccessToken(accessToken, scopes);
const accessToken = tokens.accessToken();
const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
} catch (e) {
if (e instanceof OAuth2RequestError) {
// Invalid authorization code, credentials, or redirect URI
}
if (e instanceof ArcticFetchError) {
// Failed to call `fetch()`
}
// Parse error
}
Revoke tokens
Use revokeToken()
to revoke a token. This can throw the same errors as validateAuthorizationCode()
.
try {
await okta.revokeToken(token);
} catch (e) {
if (e instanceof OAuth2RequestError) {
// Invalid authorization code, credentials, or redirect URI
}
if (e instanceof ArcticFetchError) {
// Failed to call `fetch()`
}
// Parse error
}