Arctic

Autodesk Platform Services

OAuth 2.0 provider for Autodesk Platform Services.

Also see the OAuth 2.0 with PKCE guide.

Initialization

Pass the client secret for confidential clients.

import * as arctic from "arctic";

const autodesk = new arctic.Autodesk(clientId, clientSecret, redirectURI);
const autodesk = new arctic.Autodesk(clientId, null, redirectURI);

Create authorization URL

import * as arctic from "arctic";

const state = arctic.generateState();
const codeVerifier = arctic.generateCodeVerifier();
const scopes = ["openid", "user:read", "data:read"];
const url = autodesk.createAuthorizationURL(state, codeVerifier, scopes);

The list of scopes Autodesk Platform Services supports can be found at the Developer's Guide/Scopes page.

Validate authorization code

validateAuthorizationCode() will either return an OAuth2Tokens, or throw one of OAuth2RequestError, ArcticFetchError, UnexpectedResponseError, or UnexpectedErrorResponseBodyError. Autodesk Platform Services returns an access token, the access token expiration, and a refresh token.

import * as arctic from "arctic";

try {
	const tokens = await autodesk.validateAuthorizationCode(code, codeVerifier);
	const accessToken = tokens.accessToken();
	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
		const code = e.code;
		// ...
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
		const cause = e.cause;
		// ...
	}
	// Parse error
}

Refresh access tokens

Use refreshAccessToken() to get a new access token using a refresh token. Autodesk Platform Services returns the same values as during the authorization code validation. This method also returns OAuth2Tokens and throws the same errors as validateAuthorizationCode()

import * as arctic from "arctic";

try {
	// Pass an empty `scopes` array to keep using the same scopes.
	const tokens = await autodesk.refreshAccessToken(refreshToken, scopes);
	const accessToken = tokens.accessToken();
	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
	}
	// Parse error
}

Revoke tokens

Use revokeToken() to revoke a token. You need to specify wether the token is an access_token or a refresh_token. This can throw the same errors as validateAuthorizationCode().

try {
	await autodesk.revokeToken(token, token_type);
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
	}
	// Parse error
}

OpenID Connect

Use OpenID Connect with the openid scope to get the user's profile with an ID token or the userinfo endpoint. Arctic provides decodeIdToken() for decoding the token's payload.

See the endpoint documentation for the token claims.

const scopes = ["openid"];
const url = autodesk.createAuthorizationURL(state, codeVerifier, scopes);

import * as arctic from "arctic";

const tokens = await autodesk.validateAuthorizationCode(code, codeVerifier);
const idToken = tokens.idToken();
const claims = arctic.decodeIdToken(idToken);

const response = await fetch("https://api.userprofile.autodesk.com/userinfo", {
	headers: {
		Authorization: `Bearer ${accessToken}`
	}
});
const user = await response.json();