Class IdentityProviderFactory

Creates an OIDC Provider based on the provided configuration and parameters. The provider will be cached and returned on subsequent calls. Cookie and JWT keys will be stored in an internal storage, so they can be re-used over multiple threads. Necessary claims for Solid OIDC interactions will be added. Routes will be updated based on the baseUrl and oidcPath.



adapterFactory: AdapterFactory
baseUrl: string
clientCredentialsStore: ClientCredentialsStore
config: Configuration
errorHandler: ErrorHandler
interactionRoute: InteractionRoute<never>
jwkGenerator: JwkGenerator
logger: Logger = ...
oidcPath: string
promptFactory: PromptFactory
provider?: default
responseWriter: ResponseWriter
showStackTrace: boolean
storage: KeyValueStorage<string, string[]>


  • In the configureErrors function below, we configure the renderError function of the provider configuration. The OIDC provider library calls this function to render errors, but only if the Accept header requests HTML. Otherwise, the library just returns the error object itself as JSON. See

    In this function we override the ctx.accepts function to make the above library code think HTML is always requested there. This way we have full control over error representation as configured in configureErrors. We still check the Accept headers ourselves, so there is still content negotiation on the output; the client will not simply always receive HTML.

    Should this part of the OIDC library code ever change, our function will break, at which point behaviour will simply revert to what it was before.


    • provider: default

    Returns void
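
The accept override described above, as an added sketch that is not the server's or oidc-provider's own code. `Ctx`, `negotiate`, `libraryErrorHandler`, `forceRenderError` and `handle` are hypothetical stand-ins, and the library's check is assumed to be a `ctx.accepts('json', 'html')` call.

```typescript
// Simplified stand-ins for this example; not oidc-provider's or the server's real types.
interface Ctx {
  headers: Record<string, string | undefined>;
  accepts: (...types: string[]) => string | false;
  type?: string;
  body?: unknown;
}
type RenderError = (ctx: Ctx, out: Record<string, string>, err: Error) => void;

// Naive Accept matching (no q-values): first offered type that the header names.
function negotiate(accept: string, types: string[]): string | false {
  return types.find((t): boolean => accept.includes(t) || accept.includes('*/*')) ?? false;
}

// Model of the library behaviour described above: renderError runs only for HTML.
function libraryErrorHandler(ctx: Ctx, err: Error, renderError: RenderError): void {
  const out = { error: 'server_error', error_description: err.message };
  if (ctx.accepts('json', 'html') === 'html') {
    renderError(ctx, out, err);
  } else {
    ctx.type = 'application/json';
    ctx.body = out;
  }
}

// The override: answer 'html' to that one library check, defer to real negotiation otherwise.
function forceRenderError(ctx: Ctx): void {
  const original = ctx.accepts;
  ctx.accepts = (...types: string[]): string | false =>
    types.length === 2 && types[0] === 'json' && types[1] === 'html' ? 'html' : original(...types);
}

// Our renderer negotiates on the raw Accept header itself, so output is not always HTML.
const renderError: RenderError = (ctx, out): void => {
  const chosen = negotiate(ctx.headers.accept ?? '*/*', ['application/json', 'text/html']);
  ctx.type = chosen || 'application/json';
  ctx.body = chosen === 'text/html' ? `<h1>${out.error}</h1>` : { ...out, handledBy: 'renderError' };
};

// Constructed request: returns the response type and body for a given Accept header.
function handle(accept: string, override: boolean): { type?: string; body?: unknown } {
  const ctx: Ctx = { headers: { accept }, accepts: (...types) => negotiate(accept, types) };
  if (override) forceRenderError(ctx);
  libraryErrorHandler(ctx, new Error('boom'), renderError);
  return { type: ctx.type, body: ctx.body };
}
```

Without the override, a JSON client gets the library's own error object and the custom renderer never runs; with it, every error passes through the renderer, which then picks the representation itself.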

  • Creates the route string as required by the oidc-provider library. In case base URL is, oidcPath is /idp and relative is device/auth, this would result in /foo/idp/device/auth.


    • relative: string

    Returns string

  • Checks whether the given token is an access token. The AccessToken interface is not exported, so we have to access it like this.


    • token: unknown

    Returns token is undefined | AccessToken