Utility Functions
The SDK includes several utility functions for common OAuth and token management tasks.PKCE Utilities
generatePKCEAsync()
Generate PKCE (Proof Key for Code Exchange) code verifier and challenge using SHA-256. Returns:Promise<PKCEPair>
- Generates a 32-byte random code verifier
- Creates SHA-256 hash of the verifier as the code challenge
- Uses base64url encoding (URL-safe)
- Works in both browser and Node.js environments
- OAuth 2.1 compliant
The
AgentSDK.getAuthorizationUrl() method automatically generates PKCE
parameters, so you typically don’t need to call this directly.generateState()
Generate a random state parameter for CSRF protection in OAuth flows. Returns:string
- Generates a 16-byte random value
- Base64url encoded (URL-safe)
- Cryptographically secure random generation
- Works in both browser and Node.js environments
- Always use a unique state parameter for each OAuth request
- Store the state parameter and validate it in the callback
- Never reuse state parameters
The
AgentSDK.getAuthorizationUrl() method automatically generates a state
parameter if not provided.JWT Utilities
parseJWT()
Parse a JWT token to extract claims (without verification).JWT token to parse
any - Parsed token claims, or null if invalid
- Reading user information from ID tokens
- Checking token expiration
- Debugging token contents
- Displaying user information
- Never trust claims from unverified tokens for authorization
- Always verify tokens server-side for sensitive operations
- Use this only for reading non-sensitive information
Token Expiration Utilities
isTokenExpired()
Check if a token is expired based on its expiration timestamp.Expiration timestamp in milliseconds
boolean - true if expired, false if valid
The
TokenManager.isExpired() method uses this utility internally.getTimeUntilExpiry()
Get the time remaining until a token expires.Expiration timestamp in milliseconds
number - Milliseconds until expiration (minimum 0)
Helper Utilities
sleep()
Pause execution for a specified duration.Duration to sleep in milliseconds
Promise<void>
Complete Examples
Example 1: Manual OAuth Flow with PKCE
Example 2: Token Expiration Monitoring
Example 3: JWT Claims Parsing
Example 4: Polling with Sleep
Example 5: Comprehensive Token Management
Best Practices
Always validate state parameters
Always validate state parameters
Never trust unverified JWT claims
Never trust unverified JWT claims
Check token expiration before using
Check token expiration before using
Use appropriate polling intervals
Use appropriate polling intervals
Next Steps
Types Reference
Complete TypeScript type definitions
AgentSDK Methods
Explore all SDK methods
Token Manager
Token management utilities
Examples
See practical examples