Documentation

Node.js

Minimal http server demonstrating authorize + callback.

server.ts
import http from "node:http";
import { createPkcePair } from "./pkce.js";

const ISSUER = process.env.AUTH_ISSUER;
const pending = new Map(); // demo only — use a real session store

http.createServer(async (req, res) => {
  const url = new URL(req.url!, "http://localhost:3000");

  if (url.pathname === "/login") {
    const { verifier, challenge } = createPkcePair();
    const state = crypto.randomUUID();
    pending.set(state, verifier);

    const authorize = new URL(`${ISSUER}/oauth2/authorize`);
    authorize.searchParams.set("response_type", "code");
    authorize.searchParams.set("client_id", process.env.AUTH_CLIENT_ID!); // YOUR_CLIENT_ID
    authorize.searchParams.set("redirect_uri", process.env.AUTH_REDIRECT_URI!);
    authorize.searchParams.set("scope", "openid profile email offline_access");
    authorize.searchParams.set("state", state);
    authorize.searchParams.set("code_challenge", challenge);
    authorize.searchParams.set("code_challenge_method", "S256");
    res.writeHead(302, { Location: authorize.toString() });
    return res.end();
  }

  if (url.pathname === "/callback") {
    const code = url.searchParams.get("code");
    const state = url.searchParams.get("state");
    const verifier = pending.get(state);
    // exchange code with YOUR_CLIENT_SECRET + verifier
    res.end("signed in");
  }
}).listen(3000);