A frontend SDK for integrating with Universal Verify, an OAuth/OIDC platform that enables partners to access user information securely.
npm install universal-verify-js
import UniversalVerify from 'universal-verify-js';
// Initialize the SDK with your client ID
const universalVerify = new UniversalVerify('your-client-id');
You can also use the SDK directly from jsDelivr in your ES modules:
// In your module file (e.g., app.js)
import UniversalVerify from 'https://cdn.jsdelivr.net/npm/universal-verify-js@0.0.2/build/universal-verify.min.js';
// Then use it as normal
const universalVerify = new UniversalVerify('your-client-id');
The SDK supports the OAuth 2.0 Authorization Code flow with PKCE. Here's how to use it:
// Generate a code challenge from a code verifier on your backend
const codeChallenge = 'your-code-challenge';
// Create authorization URL
const authUrl = universalVerify.createAuthorizationUrl({
codeChallenge: codeChallenge, // Required
redirectUrl: 'https://your-app.com/callback', // Optional (see note in API Reference)
scope: 'verification openid age ...', // Optional
state: 'your-state', // Optional
nonce: 'your-nonce' // Optional
});
// Redirect user to authorization URL
window.location.href = authUrl;
// Parse the redirect URL when the user returns to your redirectUrl
const params = universalVerify.parseRedirectUrl();
new UniversalVerify(clientId)
Creates a new instance of the UniversalVerify SDK.
clientId
(string, required): Your Universal Verify client ID
Creates an OAuth authorization URL.
options
(object):codeChallenge
(string, required): The code challenge for PKCEredirectUrl
(string, optional): The redirect URL for the OAuth flowstate
(string, optional): A state parameter for securitynonce
(string, optional): A nonce for securityscope
(string, optional): The OAuth scope. Defaults to 'verification openid age ...'
redirectUrl must be added to your integration in the partners platform prior to use and is required if more than one has been added
string
: The complete authorization URL
Parses the OAuth redirect URL and extracts the authorization code and state parameters from the current URL.
object
: An object containing:code
(string): The authorization codestate
(string): The state parameter (if provided)
Returns the version of the UniversalVerify library.
console.log(UniversalVerify.version); // '0.0.2'
- Always use PKCE (Proof Key for Code Exchange) for secure OAuth flows
- Implement proper state parameter validation
- Use HTTPS for all communications
- Store sensitive information securely on your backend
MIT License - see LICENSE for details