exchangeAuthorizationCodeWithPkce
client.exchangeAuthorizationCodeWithPkce({ code: string, redirectUri: string })
About this command
Get an access token by providing an authorization code.
Only available if the PKCE is enabled or if the authorization code was retrieved from the loginWithSocialProvider method.
Examples
client
.exchangeAuthorizationCodeWithPkce({
code: 'QVVUSE9SSVpBVElPTl9DT0RF',
redirectUri: 'https://www.example.com/login/callback'
})
.then(authResult => {
// Retrieve the access token
})
.catch(err => console.error(err))
Response
Type: Promise<AuthResult>
AuthResult object fields
Field | Type | Description | ||
---|---|---|---|---|
|
The user’s access token. This a security token that gives access to authorized resources without further identification. It is represented as a JSON Web Token (JWT). |
|||
|
The lifetime of the access token (in seconds).
|
|||
|
The type of token that is issued.
|
|||
|
The user’s refresh token.
|
|||
|
The user’s ID token. This is a security token that contains authentication claims about the user. It is represented as a JSON Web Token (JWT).
|
|||
|
The body of the ID token which outlines the claims. See ID token payload for more details.
|
|||
|
The authorization code received from the initial authorization call. |
|||
|
An opaque value used to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. |
ID token payload
The possible claims to assert about an authenticated user are outlined in the table below.
Field | Type | Description | ||
---|---|---|---|---|
|
The type of authentication used. allowed values:
|
|||
|
The birthdate of the profile, represented as an ISO 8601 |
|||
|
The primary email address of the profile. |
|||
|
True if the user’s e-mail address has been verified; otherwise false. |
|||
|
The expiration time claim identifies the expiration time (in seconds) on or after which the JWT must not be accepted for processing. |
|||
|
The family name of the profile.
|
|||
|
The given name of the profile.
|
|||
|
The gender of the profile.
|
|||
|
The issued at claim identifies the time (in seconds) at which the JWT was issued. |
|||
|
The issuer claim identifies the principal that issued the JWT. |
|||
|
The profile’s language code in lowercase and country code in uppercase, separated by a dash (eg |
|||
|
The full name of the profile. |
|||
|
Whether the profile is new. |
|||
|
The subject claim that identifies the profile. |
|||
|
The URL of one of the user’s profile pictures. This URL refers to an image file (PNG, JPEG, or GIF image file). |
|||
|
The URL of one of the user’s profile pages (usually a social provider’s page). |
|||
|
The time the profile’s information was last updated. |