Using AppAuth in the Browser

In a web environment, the library primarily uses the RedirectRequestHandler to handle the OAuth flow via window redirects.

Redirect Handling

When the user is redirected back to your application, you must check for the authorization response on page load:

import { RedirectRequestHandler } from '@openid/appauth';

const authorizationHandler = new RedirectRequestHandler();

// This should be called when your app initializes on the redirect_uri page
authorizationHandler.completeAuthorizationRequestIfPossible();

Storage

AppAuth-JS uses a StorageBackend to persist request data (like PKCE verifiers) across redirects. By default, it uses LocalStorageBackend, which wraps window.localStorage.

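import { LocalStorageBackend, RedirectRequestHandler } from '@openid/appauth';

// Persist in-flight request data in window.localStorage (the default backend)
const storage = new LocalStorageBackend();
const authHandler = new RedirectRequestHandler(storage);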
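
An added example, not AppAuth-JS code: window.localStorage is shared by every tab on the origin and survives browser restarts, so this backend is meant to wrap window.sessionStorage and expires entries, keeping a stored PKCE verifier from outliving an abandoned login. ExpiringBackend, MemoryStorage and the 10-minute TTL are assumptions; the class mirrors the four Promise-returning methods of the library's StorageBackend instead of extending it, so the block runs without the package installed.

```javascript
// Added example, not library code. ExpiringBackend, MemoryStorage and TTL_MS are assumed names.
const TTL_MS = 10 * 60 * 1000; // assumed lifetime for in-flight request data

// Wrap a value with its expiry time so stale entries can be rejected on read.
function seal(value, now, ttlMs) {
  return JSON.stringify({ v: value, exp: now + ttlMs });
}

// Return the stored value, or null if the entry is missing, malformed or expired.
function unseal(raw, now) {
  if (raw === null || raw === undefined) return null;
  try {
    const entry = JSON.parse(raw);
    if (typeof entry.v !== 'string' || typeof entry.exp !== 'number') return null;
    return now < entry.exp ? entry.v : null;
  } catch (e) {
    return null;
  }
}

// Exposes getItem/setItem/removeItem/clear as Promises, like the library's StorageBackend.
class ExpiringBackend {
  constructor(storage, ttlMs = TTL_MS, now = Date.now) {
    this.storage = storage; this.ttlMs = ttlMs; this.now = now;
  }
  async getItem(name) {
    const value = unseal(this.storage.getItem(name), this.now());
    if (value === null) this.storage.removeItem(name); // drop stale or corrupt entries
    return value;
  }
  async setItem(name, value) {
    this.storage.setItem(name, seal(value, this.now(), this.ttlMs));
  }
  async removeItem(name) { this.storage.removeItem(name); }
  async clear() { this.storage.clear(); }
}

// Constructed stand-in for window.sessionStorage so the example runs outside a browser.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
  clear() { this.map.clear(); }
}

// Browser wiring: new RedirectRequestHandler(new ExpiringBackend(window.sessionStorage));
```

Note that clear() empties the whole wrapped storage area, so give the backend a storage object the rest of the application does not rely on.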