Gathering detailed insights and metrics for angular-auth-oidc-client-pema
Gathering detailed insights and metrics for angular-auth-oidc-client-pema
npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
Installations
npm install angular-auth-oidc-client-pemaDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
12.18.3
NPM Version
6.14.6
Releases
133
Languages
4
TypeScript
JavaScript
HTML
CSS
TypeScript (87.04%)
JavaScript (10.1%)
HTML (2.58%)
CSS (0.28%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
1,199 Stars
4,258 Commits
448 Forks
37 Watchers
11 Branches
92 Contributors
Updated on Jul 08, 2025
Maintainers
1
Package Meta Information
Latest Version
11.6.0
Package Id
angular-auth-oidc-client-pema@11.6.0
Unpacked Size
1.64 MB
Size
339.00 kB
File Count
612
NPM Version
6.14.6
Node Version
12.18.3
Total Downloads
Cumulative downloads
Total Downloads
NaN
Dependencies
14
Dev Dependencies
23
@angular-devkit/build-angular@angular-devkit/build-ng-packagr@angular/cli@angular/compiler-cli@angular/language-service@types/jasmine@types/jasminewd2@types/nodecodelyzercopyfilesjasmine-corejasmine-spec-reporterkarmakarma-chrome-launcherkarma-coverage-istanbul-reporterkarma-jasminekarma-jasmine-html-reporterng-packagrprettierprotractorts-nodetslinttypescript
Angular Lib for OpenID Connect & OAuth2
OpenID Code Flow with PKCE, Code Flow with refresh tokens, OpenID Connect Implicit Flow
OpenID Certification
This library is certified by OpenID Foundation. (RP Implicit and Config RP)
Features
- Supports OpenID Connect Code Flow with PKCE
- Supports Code Flow PKCE with Refresh tokens
- Supports Revocation Endpoint
- Support for current best practice
- Implements OIDC validation as specified, complete client side validation for REQUIRED features
- Supports OpenID Connect Implicit Flow
- OpenID Connect Session Management 1.0
- Samples for most of the common use cases
Installation
Navigate to the level of your package.json and type
1 npm install angular-auth-oidc-client
or with yarn
1 yarn add angular-auth-oidc-client
Documentation
- Quickstart
- Samples
- Silent renew
- Guards
- Features
- Logout
- Using and revoking the access token
- CSP & CORS
- Public API
- Configuration
- Migration
- Changelog
Quickstart
For the example of the Code Flow. For further examples please check the Samples Section
Import the module and services in your module.
1import { HttpClientModule } from '@angular/common/http'; 2import { APP_INITIALIZER, NgModule } from '@angular/core'; 3import { AuthModule, LogLevel, OidcConfigService } from 'angular-auth-oidc-client'; 4// ... 5 6export function configureAuth(oidcConfigService: OidcConfigService) { 7 return () => 8 oidcConfigService.withConfig({ 9 stsServer: 'https://offeringsolutions-sts.azurewebsites.net', 10 redirectUrl: window.location.origin, 11 postLogoutRedirectUri: window.location.origin, 12 clientId: 'angularClient', 13 scope: 'openid profile email', 14 responseType: 'code', 15 silentRenew: true, 16 silentRenewUrl: `${window.location.origin}/silent-renew.html`, 17 logLevel: LogLevel.Debug, 18 }); 19} 20 21@NgModule({ 22 // ... 23 imports: [ 24 // ... 25 AuthModule.forRoot(), 26 ], 27 providers: [ 28 OidcConfigService, 29 { 30 provide: APP_INITIALIZER, 31 useFactory: configureAuth, 32 deps: [OidcConfigService], 33 multi: true, 34 }, 35 ], 36 // ... 37}) 38export class AppModule {}
And call the method checkAuth() from your app.component.ts
1import { Component, OnDestroy, OnInit } from '@angular/core'; 2import { OidcClientNotification, OidcSecurityService, PublicConfiguration } from 'angular-auth-oidc-client'; 3import { Observable } from 'rxjs'; 4 5@Component({ 6 /**/ 7}) 8export class AppComponent implements OnInit { 9 constructor(public oidcSecurityService: OidcSecurityService) {} 10 11 ngOnInit() { 12 this.oidcSecurityService.checkAuth().subscribe((auth) => console.log('is authenticated', auth)); 13 } 14 15 login() { 16 this.oidcSecurityService.authorize(); 17 } 18 19 logout() { 20 this.oidcSecurityService.logoff(); 21 } 22}
Using the access token
You can get the access token by calling the method getToken() on the OidcSecurityService
1const token = this.oidcSecurityService.getToken();
And then you can use it in the HttpHeaders
1import { HttpHeaders } from '@angular/common/http'; 2 3const token = this.oidcSecurityServices.getToken(); 4 5const httpOptions = { 6 headers: new HttpHeaders({ 7 Authorization: 'Bearer ' + token, 8 }), 9};
License
MIT
Version 10
if you need information about version 10 please search here
https://github.com/damienbod/angular-auth-oidc-client/tree/version-10
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no binaries found in the repo
Reason
5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Reason
Found 8/14 approved changesets -- score normalized to 5
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy-docs.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/deploy-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/deploy-docs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/deploy-docs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/damienbod/angular-auth-oidc-client/deploy-docs.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:121
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:132
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:161
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:172
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:201
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:211
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:216
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:245
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:256
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:81
- Warn: npmCommand not pinned by hash: .github/workflows/build.yml:92
- Warn: npmCommand not pinned by hash: .github/workflows/deploy-docs.yml:29
- Warn: npmCommand not pinned by hash: .github/workflows/deploy-docs.yml:32
- Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 1 out of 14 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
40 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-f7f6-9jq7-3rqj
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
- Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986 / GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
- Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Score
4.5
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More