I'm trying to implement this flow: https://github.com/panva/node-openid-client#authorization-code-flow
I've done the previous steps, but I don't understand what URL is expected in the client.callback method:
const tokenSet = await client.callback('https://client.example.com/callback', params, { code_verifier });
The documentation for the method is also not explicit enough for my knowledge. https://github.com/panva/node-openid-client/blob/main/docs/README.md#clientcallbackredirecturi-parameters-checks-extras
I looked into the URLs returned by the issuer, but none of them stand out to me as necessary for a callback. Since client.callback seems to be returning the tokens, I imagine it's calling the token_endpoint at some point. Or is the URL supposed to be the token endpoint? If so, why is it not fetched in a similar way as the authorizationUrl?
It is indeed the redirect URL in which the auth code was received, and 'callback' seems to be calling the token endpoint directly.
It hadn't worked when I tried because I had another issue with the callback parameters, but it turns out I can send them as {code: auth_code} and that's it. I was trying to create the params with client.callbackParams like in the example, but my request was a WebApi fetch request and not one accepted by TS when trying to follow the example (const params = client.callbackParams(req);). callbackParams does accept a string, so I sent the code rather than the request, but it was not generating valid params from it.
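The protocol-level exchange that the redirect URL and {code} feed into, as an added example that is not part of the original post or of openid-client's own code: it reads the authorization response from the URL of a Web API Request, checks state, and builds the token request body defined in RFC 6749 section 4.1.3 with the PKCE code_verifier from RFC 7636. The names REDIRECT_URI, callbackParamsFromUrl and buildTokenRequestBody are hypothetical, and all sample values are constructed.

```javascript
// Added example; helper names are hypothetical, not openid-client APIs.
const REDIRECT_URI = 'https://client.example.com/callback';

// Extract the authorization response parameters from the URL of a Web API
// Request (request.url) rather than from a Node.js IncomingMessage.
function callbackParamsFromUrl(requestUrl, expectedState) {
  const url = new URL(requestUrl);
  // The response must arrive on the registered redirect URI.
  if (url.origin + url.pathname !== REDIRECT_URI) {
    throw new Error('callback received on unexpected URL');
  }
  const q = url.searchParams;
  if (q.has('error')) {
    throw new Error(`authorization error: ${q.get('error')}`);
  }
  // state ties the response to the request this client started (CSRF defence).
  if (q.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const code = q.get('code');
  if (!code) throw new Error('missing code');
  return { code, state: q.get('state') };
}

// Form body for the token endpoint. redirect_uri is not where the request is
// sent; it is a parameter that must equal the value used in the authorization
// request, which is why the callback step needs it.
function buildTokenRequestBody(params, { clientId, codeVerifier }) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code: params.code,
    redirect_uri: REDIRECT_URI,
    client_id: clientId,
    code_verifier: codeVerifier,
  }).toString();
}

// Constructed sample values.
const sampleUrl = 'https://client.example.com/callback?code=SAMPLE_CODE&state=abc123';
const params = callbackParamsFromUrl(sampleUrl, 'abc123');
const body = buildTokenRequestBody(params, {
  clientId: 'sample-client',
  codeVerifier: 'sample-verifier',
});
console.log(params, body);
```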