oidc-client vs oidc-client-ts vs oidc-provider vs openid-client vs react-oidc-context
Implementing OpenID Connect Authentication in JavaScript Applications
Search packages..
oidc-clientoidc-client-tsoidc-provideropenid-clientreact-oidc-contextSimilar Packages:

Implementing OpenID Connect Authentication in JavaScript Applications

These libraries handle OpenID Connect (OIDC) flows but serve different architectural roles. oidc-client-ts, oidc-client, openid-client, and react-oidc-context are client libraries used to authenticate users against an identity provider. oidc-provider is a server library used to build your own identity provider. Choosing the wrong one can lead to security vulnerabilities or broken authentication flows.

Npm Package Weekly Downloads Trend

3 Years

Github Stars Ranking

Stat Detail

Package
Downloads
Stars
Size
Issues
Publish
License
oidc-client02,432-1165 years agoApache-2.0
oidc-client-ts01,8821.73 MB14220 days agoApache-2.0
oidc-provider03,711614 kB015 days agoMIT
openid-client02,320217 kB02 months agoMIT
react-oidc-context01,008118 kB9020 days agoMIT

OpenID Connect Libraries: Client, Server, and Framework Roles

Choosing the right OpenID Connect (OIDC) library depends on where your code runs and what role it plays. Some libraries help your app log in users (Client), while others help your app act as the login server itself (Provider). Mixing these up leads to security risks or broken builds. Let's look at how each package fits into your architecture.

πŸ—οΈ Core Role: Client vs. Server

The most important split is between libraries that log users in (Clients) and libraries that create the login system (Providers).

oidc-client-ts, oidc-client, openid-client, and react-oidc-context are all Clients. They help your application talk to an identity server (like Auth0, Azure AD, or Google).

oidc-provider is a Server. It helps you build your own identity server. You do not use this to log into another service.

// oidc-provider: Setting up your own Identity Server
import Provider from 'oidc-provider';
const provider = new Provider('http://localhost:3000', { /* config */ });
app.use(provider.callback);

// oidc-client-ts: Connecting to an existing Identity Server
import { UserManager } from 'oidc-client-ts';
const userManager = new UserManager({ authority: 'https://accounts.google.com', /* ... */ });

// openid-client: Connecting from a Node.js backend
import { custom } from 'openid-client';
const client = await custom({ /* ... */ });

// react-oidc-context: Connecting from React
import { AuthProvider } from 'react-oidc-context';
<AuthProvider {...config}>/* app */</AuthProvider>

// oidc-client: Legacy Client (Deprecated)
import { UserManager } from 'oidc-client';
const userManager = new UserManager({ /* ... */ });

πŸ–₯️ Runtime Environment: Browser vs. Node.js

Security rules change based on where your code runs. Browsers cannot keep secrets safely, but Node.js servers can.

oidc-client-ts and oidc-client are built for Browsers. They use PKCE (Proof Key for Code Exchange) to secure the login flow without a client secret. They store tokens in browser storage.

// oidc-client-ts: Browser-safe PKCE flow
await userManager.signinRedirect();
// Handles redirect and token exchange securely in the browser

openid-client is built for Node.js. It supports confidential clients that can store a client secret safely on the server. It is ideal for Backend-for-Frontend (BFF) patterns.

// openid-client: Server-side token exchange with secret
const params = client.callbackParams(ctx.req);
const tokenSet = await client.callback(redirectUri, params, { code_verifier });

react-oidc-context runs in the Browser (inside React). It wraps oidc-client-ts to manage state within React components.

// react-oidc-context: React hook usage
const { isAuthenticated, signinRedirect } = useAuth();

oidc-provider runs on Node.js. It listens for incoming login requests from other clients.

// oidc-provider: Listening for auth requests
provider.listen(3000);

βš›οΈ Framework Integration: React vs. Vanilla

If you use React, wrapping the auth logic saves time. If you use vanilla JS or another framework, you need the core library.

react-oidc-context provides hooks and context. It handles loading states and user data automatically within the React tree.

// react-oidc-context: Accessing user data
const { user } = useAuth();
return <div>Hello {user?.profile.name}</div>;

oidc-client-ts is framework independent. You must manually manage user state and subscription events.

// oidc-client-ts: Manual event subscription
userManager.events.addUserLoaded((user) => {
  console.log('User loaded', user);
});

oidc-client is also framework independent (Legacy). It works similarly to oidc-client-ts but lacks TypeScript support.

// oidc-client: Manual event subscription (Legacy)
userManager.events.addUserLoaded((user) => {
  console.log('User loaded', user);
});

openid-client is for backend frameworks (Express, Next.js API). You integrate it into your server routes.

// openid-client: Express route example
app.get('/callback', async (req, res) => {
  // handle callback
});

oidc-provider is for backend servers. It mounts directly to an HTTP server instance.

// oidc-provider: Mounting to HTTP server
provider.listen(3000);

⚠️ Maintenance Status: Legacy vs. Active

One of these packages is no longer recommended for new work.

oidc-client is Deprecated. The maintainers have stopped updates in favor of the TypeScript rewrite. Do not use this for new projects.

// oidc-client: DO NOT USE IN NEW PROJECTS
import { UserManager } from 'oidc-client'; // Deprecated package

oidc-client-ts is Active. This is the modern standard for browser-based SPAs.

// oidc-client-ts: Recommended for SPAs
import { UserManager } from 'oidc-client-ts';

react-oidc-context is Active. It is the recommended way to use OIDC in React apps today.

// react-oidc-context: Recommended for React
import { AuthProvider } from 'react-oidc-context';

openid-client is Active. It is the standard for Node.js OIDC clients.

// openid-client: Recommended for Node.js
import { Issuer } from 'openid-client';

oidc-provider is Active. It is the standard for building custom Identity Providers in Node.js.

// oidc-provider: Recommended for Custom IdP
import Provider from 'oidc-provider';

πŸ“Š Summary Table

PackageRoleEnvironmentStatusBest For
oidc-client-tsClientBrowserβœ… ActiveVanilla JS/TS SPAs
react-oidc-contextClientBrowser (React)βœ… ActiveReact SPAs
openid-clientClientNode.jsβœ… ActiveBackend/BFF Auth
oidc-providerServerNode.jsβœ… ActiveBuilding Identity Servers
oidc-clientClientBrowser❌ DeprecatedLegacy Maintenance Only

πŸ’‘ Final Recommendation

For most frontend teams building a Single Page Application:

  1. Use react-oidc-context if you are using React.
  2. Use oidc-client-ts if you are using Vue, Angular, or vanilla JavaScript.
  3. Avoid oidc-client completely for new work.

For backend teams:

  1. Use openid-client to log your server into another service.
  2. Use oidc-provider only if you need to build your own login server from scratch.

Choosing the right tool ensures your tokens stay safe and your code remains maintainable.

How to Choose: oidc-client vs oidc-client-ts vs oidc-provider vs openid-client vs react-oidc-context

  • oidc-client:

    Avoid this package for new projects as it is officially deprecated. Only choose this if you are maintaining a legacy application that cannot be migrated yet. For any new work, switch to oidc-client-ts which offers the same features with TypeScript support and active maintenance.

  • oidc-client-ts:

    Choose oidc-client-ts if you are building a Single Page Application (SPA) in vanilla JavaScript or TypeScript without a specific framework wrapper. It is the modern standard for browser-based authentication using PKCE. It gives you full control over the user manager and event handling.

  • oidc-provider:

    Choose oidc-provider only if you need to build your own Identity Server from scratch. This is not for logging into Google or Auth0 β€” it is for making your Node.js server act like Google or Auth0. It is complex and should only be used when third-party identity services do not meet your needs.

  • openid-client:

    Choose openid-client if you are implementing authentication on a Node.js backend. It is designed for server-side environments where you can safely store client secrets. It is ideal for Backend-for-Frontend (BFF) patterns or server-side rendered applications.

  • react-oidc-context:

    Choose react-oidc-context if you are building a React application. It wraps oidc-client-ts to provide hooks and context providers that simplify state management. This saves you from writing boilerplate code to handle user sessions and loading states within React components.

Similar Npm Packages to oidc-client

oidc-client is a JavaScript library designed for handling OpenID Connect (OIDC) authentication in web applications. It provides a simple way to manage user authentication, including token management, user sessions, and interaction with OIDC providers. While oidc-client is a robust solution for OIDC authentication, there are several alternatives in the ecosystem that cater to similar needs. Here are a few noteworthy alternatives:

  • oidc-client-ts is a TypeScript version of the original oidc-client library. It retains the same core functionality while providing type safety and improved developer experience for TypeScript users. If you're building a TypeScript application and want to leverage the benefits of strong typing while managing OIDC authentication, oidc-client-ts is an excellent choice.

  • oidc-provider is a library for implementing an OpenID Connect provider. Unlike the other libraries mentioned, which focus on client-side authentication, oidc-provider is designed for server-side applications. It allows developers to create their own OIDC-compliant identity provider, enabling them to manage user authentication and authorization flows. If you're looking to build a custom OIDC provider for your applications, oidc-provider is the go-to solution.

  • openid-client is another library that provides a client implementation for OpenID Connect. It is designed to work with any OpenID Connect provider and offers a comprehensive set of features for handling authentication and token management. openid-client is particularly useful for server-side applications that need to interact with OIDC providers. If you require flexibility in choosing your OIDC provider and need a robust client implementation, openid-client is a strong candidate.

  • react-oidc-context is a React-specific library that simplifies the integration of OIDC authentication in React applications. It provides a context-based approach to managing authentication state and user sessions, making it easy to access authentication information throughout your React components. If you are building a React application and want a seamless way to manage OIDC authentication, react-oidc-context is a great option.

To see how these packages compare, check out the comparison: Comparing oidc-client vs oidc-client-ts vs oidc-provider vs openid-client vs react-oidc-context.

Similar Npm Packages to oidc-client-ts

oidc-client-ts is a TypeScript library designed for handling OpenID Connect (OIDC) and OAuth 2.0 authentication in web applications. It provides a robust set of features for managing user authentication, including token management, session handling, and automatic token renewal. With its TypeScript support, oidc-client-ts ensures type safety and a better development experience for those using TypeScript in their projects. This library is particularly useful for developers looking to implement secure authentication flows in their applications while leveraging the benefits of TypeScript.

There are several alternatives to oidc-client-ts that also facilitate OIDC and OAuth 2.0 authentication:

  • oidc-client is the original JavaScript library for managing OIDC and OAuth 2.0 authentication. It provides a comprehensive solution for handling user authentication, including features like token storage, automatic token renewal, and user session management. While oidc-client is widely used and well-documented, it is primarily written in JavaScript, which may not provide the same level of type safety as TypeScript-based libraries. However, it remains a solid choice for developers who prefer a more established library with a large community and extensive support.

  • openid-client is a certified OpenID Connect client library for Node.js. It is designed for server-side applications and provides a comprehensive set of features for implementing OIDC authentication flows. This library is particularly useful for backend developers who need to integrate OIDC into their server-side applications. While it is not specifically tailored for frontend applications, it offers a robust solution for server-side authentication and can be used in conjunction with frontend libraries for a complete authentication solution.

  • react-oidc-context is a React-specific library that simplifies the integration of OIDC authentication in React applications. It provides a context-based API that makes it easy to manage user authentication state and access tokens within React components. If you are building a React application and want a straightforward way to implement OIDC authentication, react-oidc-context is an excellent choice, as it leverages React's context API for seamless integration.

To explore how these libraries compare, check out the comparison: Comparing oidc-client vs oidc-client-ts vs openid-client vs react-oidc-context.

Similar Npm Packages to oidc-provider

oidc-provider is a robust and spec-compliant OpenID Connect (OIDC) Provider implementation for Node.js. It enables developers to build their own identity servers that support OAuth 2.0 and OpenID Connect protocols, offering fine-grained control over authentication flows, token issuance, session management, and more. Designed for flexibility and compliance, oidc-provider is well-suited for teams needing a customizable, production-ready OIDC solution without relying on third-party identity providers.

An alternative to consider is:

  • express-openid-connect, which is an Express middleware that simplifies integrating OpenID Connect into Express-based applications by acting as a relying party (RP)β€”not an identity provider. Unlike oidc-provider, which lets you run your own OIDC server, express-openid-connect helps you consume OIDC services from existing identity providers like Auth0, Okta, or Google. It’s ideal for applications that need secure user authentication without the operational overhead of managing an identity server.

For a side-by-side look at these packages, see: Comparing express-openid-connect vs oidc-provider.

Similar Npm Packages to openid-client

openid-client is a powerful and flexible OpenID Connect (OIDC) client library for Node.js applications. It allows developers to easily integrate OIDC authentication into their applications, enabling secure user authentication and authorization. With support for various OIDC providers, openid-client simplifies the process of managing tokens, handling redirects, and making authenticated requests to APIs. Its robust features make it a popular choice for applications that require secure user authentication and seamless integration with OIDC-compliant identity providers.

An alternative to openid-client is oidc-client. This library is specifically designed for client-side applications, such as single-page applications (SPAs), and provides a simple way to manage OIDC authentication flows. oidc-client focuses on handling user sessions, managing tokens, and facilitating interactions with OIDC providers from the browser. It is well-suited for applications that require a lightweight solution for OIDC authentication without the need for extensive server-side logic.

For a comprehensive comparison between these two libraries, check out the following link: Comparing oidc-client vs openid-client.

Similar Npm Packages to react-oidc-context

react-oidc-context is a library designed to simplify the integration of OpenID Connect (OIDC) authentication in React applications. It provides a context-based approach to manage authentication state and user information, making it easier for developers to implement secure login flows and manage user sessions. With react-oidc-context, you can easily handle user authentication, token management, and session renewal, ensuring a smooth user experience while maintaining security.

One notable alternative to react-oidc-context is oidc-client. This library is a JavaScript implementation of the OpenID Connect and OAuth 2.0 protocols, designed to work in both browser and Node.js environments. While oidc-client provides a more general-purpose solution for handling OIDC authentication, it does not specifically cater to React applications. Developers using oidc-client may need to implement their own context or state management solutions to integrate it effectively within a React app.

When choosing between these two libraries, consider your specific needs. If you are building a React application and want a streamlined way to manage OIDC authentication with minimal setup, react-oidc-context is likely the better choice. On the other hand, if you need a more flexible solution that can be used across different environments or frameworks, oidc-client may be more suitable.

For a detailed comparison, check out the following link: Comparing oidc-client vs react-oidc-context.

README for oidc-client

npm package

oidc-client

Library to provide OpenID Connect (OIDC) and OAuth2 protocol support for client-side, browser-based JavaScript client applications. Also included is support for user session and access token management.

Install

Node.js

Node.js v4.4 or later required.

NPM

npm install oidc-client --save

NOTE: if you're not already using babel-polyfill make sure you run npm install --save babel-polyfill as well. Then include it in your build.

CommonJS

If you don't use a package manager or a module loader, then you can get the library from the dist folder on github here.

Including in the browser

If you intend to use this library directly in a browser and are not using UMD/AMD then there is a compiled version in the ~/dist folder. It is already bundled/minified and contains the necessary dependencies and polyfills (mainly for ES6 features such as Promises).

If you are using UMD/AMD and/or you already have included an ES6 polyfill (such as babel-polyfill.js) then you can include the UMD packaged version of the file from the ~/lib folder.

Building the Source

git clone https://github.com/IdentityModel/oidc-client-js.git
cd oidc-client-js
npm install
npm run build

Running the Sample

npm start

and then browse to http://localhost:15000.

Running the Tests

npm test

Docs

Some initial docs are here.

Feedback, Feature requests, and Bugs

All are welcome on the issue tracker.

npm-compare.com is an independent website designed to help developers choose the most suitable npm packages. We are not affiliated with npm, Inc, the official website for the npm registry. Note that npm is a registered trademark of npm, Inc. Please share your feedback via our GitHub repository. For more details, please refer to our Terms & Privacy.