npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@magalucloud/sdk-idmagalu-js

v1.0.15

Published

ID Magalu SDK for Single Page Applications using Authorization Code Grant Flow with PKCE

Downloads

48

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

andrecoliveiraandrecoliveiradebonzidebonzi

Keywords

ID MagaluSDKloginAuthorization Code Grant FlowPKCESingle Page Application authenticationSPA authentication

Readme

ID Magalu SDK for Javascript

Created for SPA (Single-page application) projects.

Getting Started

Instalation

Add the ID Magalu SDK as a dependency in your project.

Use npm in your project directory and run the following command:

npm i @magalucloud/sdk-idmagalu-js

Configure the SDK

To get started, you need to create a single instance of the ID Magalu SDK before rendering or initializing your application. This can be done using the async/await method or with promisses. This instance only needs to be declared once in your project.

import createClient from '@magalucloud/sdk-idmagalu-js'

(async () => {
    const clientIDMagalu = await createClient({
      client_id: '<CLIENT_ID>',
      redirect_uri: '<REDIRECT_URI>',
      scope: '<SCOPE>'
    })
}

The scope property is optional and if not entered, its default value becomes `openid profile``.

Logging In

The login method must be used to start the authentication flow.

document.getElementById('login').addEventListener('click', async () => {
  await clientIDMagalu.login();
});

After completing authentication on the ID Magalu, a redirect will be sent back to the address entered in redirect_uri, containing the authorization code as a parameter in the URL.

Code Exchange

When redirected back to your application, the ID Magalu SDK provides a method called handleRedirectCallback, which is responsible for completing authentication by exchanging the authorization code obtained following the PKCE Flow for the access token.

In order for this event to be used, the application must be able to validate the presence of the CODE as a URL parameter immediately after the redirect that occurred when completing the authentication stage in ID Magalu.

if (location.search.includes('code=')) {
  await clientIDMagalu.handleRedirectCallback();
}

The method returns the following information:

{
  access_token: string;
  created_at: number;
  expires_in: number;
  id_token: string;
  refresh_token: string;
  scope: string;
  token_type: string;
}

We can also do it silently by adding the getTokenSilently property to true when creating the instance, as shown in the code below:

import createClient from '@magalucloud/sdk-idmagalu-js'

(async () => {
    const clientIDMagalu = await createClient({
      client_id: '<CLIENT_ID>',
      redirect_uri: '<REDIRECT_URI>',
      scope: '<SCOPE>',
      getTokenSilently: true
    })
}

Token storage in the authentication state

By default, the JWTs provided by the Magalu ID are stored in memory. This protects against CSRF attacks (possible if stored as a client-side cookie) and XSS attacks (possible if persisted in local storage).

The disadvantage of this approach, however, is that if a page is refreshed or a new tab is opened, the token will be erased from memory and the login button will need to be clicked again to authenticate.

Rotating Refresh Tokens

The ID Magalu SDK can be configured to use refresh token rotation in order to obtain new access tokens silently.

Refresh token rotation is a fundamental practice for improving security in authentication and authorization systems. This technique consists of regularly replacing access tokens with new tokens, usually using refresh tokens. By using refresh token rotation, systems can significantly reduce the impact of possible security breaches.

To enable the use of this practice, set the useRefreshTokens property to true.

import createClient from '@magalucloud/sdk-idmagalu-js'

(async () => {
    const clientIDMagalu = await createClient({
      client_id: '<CLIENT_ID>',
      redirect_uri: '<REDIRECT_URI>',
      scope: '<SCOPE>',
      useRefreshTokens: true
    })
}

Once configured, the ID Magalu SDK will directly call the /oauth/token endpoint to update the tokens whenever there is a new render.

Below is an example of this payload:

{
  client_id: '<CLIENT_ID>',
  grant_type: 'refresh_token',
  refresh_token: '<REFRESH_TOKEN>'
}

Get refresh tokens manually

To use the handleRefreshToken method, you need to pass the refresh token as a parameter.

document.getElementById('refreshToken').addEventListener('click', () => {
  const refreshToken = sdkIDMagalu.store.getItem('id_magalu_refresh_token');
  const sessionData: Boolean = clientIDMagalu.handleRefreshToken(refreshToken);
});

The method returns the following information:

{
  access_token: string;
  created_at: number;
  expires_in: number;
  id_token: string;
  refresh_token: string;
  scope: string;
  token_type: string;
}

Get session information

Use the isAuthenticated method to validate the session status.

document.getElementById('isAuthenticated').addEventListener('click', () => {
  const isAuthenticated: Boolean = clientIDMagalu.isAuthenticated();
});

Get user information

Use the getUser method to obtain active user information.

document.getElementById('getUser').addEventListener('click', () => {
  const user: User = clientIDMagalu.getUser();
});

Example output:

{
  email: string;
  name: string;
  profile_image_url: string;
}

Get Access Token

The getToken method returns the access token stored in memory.

document.getElementById('getToken').addEventListener('click', () => {
  const accessToken: String = clientIDMagalu.getToken();
});

Logout

The logout method disconnects the user from the ID Magalu.

document.getElementById('logout').addEventListener('click', async () => {
  await clientIDMagalu.logout();
});