Skip to main content

Utility Functions

The SDK includes several utility functions for common OAuth and token management tasks.

PKCE Utilities

generatePKCEAsync()

Generate PKCE (Proof Key for Code Exchange) code verifier and challenge using SHA-256. Returns: Promise<PKCEPair>
Return Type:
Details:
  • Generates a 32-byte random code verifier
  • Creates SHA-256 hash of the verifier as the code challenge
  • Uses base64url encoding (URL-safe)
  • Works in both browser and Node.js environments
  • OAuth 2.1 compliant
The AgentSDK.getAuthorizationUrl() method automatically generates PKCE parameters, so you typically don’t need to call this directly.

generateState()

Generate a random state parameter for CSRF protection in OAuth flows. Returns: string
Details:
  • Generates a 16-byte random value
  • Base64url encoded (URL-safe)
  • Cryptographically secure random generation
  • Works in both browser and Node.js environments
Best Practices:
  • Always use a unique state parameter for each OAuth request
  • Store the state parameter and validate it in the callback
  • Never reuse state parameters
The AgentSDK.getAuthorizationUrl() method automatically generates a state parameter if not provided.

JWT Utilities

parseJWT()

Parse a JWT token to extract claims (without verification).
token
string
required
JWT token to parse
Returns: any - Parsed token claims, or null if invalid
Example Claims:
This function does NOT verify the JWT signature. Only use it for reading claims from tokens you trust. For security-critical operations, use server-side verification.
Use Cases:
  • Reading user information from ID tokens
  • Checking token expiration
  • Debugging token contents
  • Displaying user information
Security Notes:
  • Never trust claims from unverified tokens for authorization
  • Always verify tokens server-side for sensitive operations
  • Use this only for reading non-sensitive information

Token Expiration Utilities

isTokenExpired()

Check if a token is expired based on its expiration timestamp.
expiresAt
number
required
Expiration timestamp in milliseconds
Returns: boolean - true if expired, false if valid
Example with Token Manager:
The TokenManager.isExpired() method uses this utility internally.

getTimeUntilExpiry()

Get the time remaining until a token expires.
expiresAt
number
required
Expiration timestamp in milliseconds
Returns: number - Milliseconds until expiration (minimum 0)
Practical Examples: Display countdown:
Auto-refresh before expiration:

Helper Utilities

sleep()

Pause execution for a specified duration.
ms
number
required
Duration to sleep in milliseconds
Returns: Promise<void>
Use Cases: Polling with delays:
Rate limiting:
Retry with backoff:

Complete Examples

Example 1: Manual OAuth Flow with PKCE

Example 2: Token Expiration Monitoring

Example 3: JWT Claims Parsing

Example 4: Polling with Sleep

Example 5: Comprehensive Token Management

Best Practices

Next Steps

Types Reference

Complete TypeScript type definitions

AgentSDK Methods

Explore all SDK methods

Token Manager

Token management utilities

Examples

See practical examples