ClientCredentialsOptions

Identifies the service principal an OpenIdConnectClient.createWithClientCredentials client authenticates as. Unlike the interactive flows there is no discovery-from-page-origin default and no redirect URI: the provider URL must be explicit (in a service there is no window.location to derive it from) and the grant completes in a single token request without any browser round trip.

Index

Properties

• clientId
• clientSecret
• openIdProviderUrl

Properties

readonlyclientId

clientId: string

readonlyclientSecret

clientSecret: string

The client secret of a confidential client with service accounts enabled. This is a credential on par with a password: it must only ever live server-side (environment/secret store), never in code shipped to end users — see the browser guard in OpenIdConnectClient.createWithClientCredentials.

readonlyopenIdProviderUrl

openIdProviderUrl: string | URL

See OpenIdConnectClientOptions.openIdProviderUrl.