Skip to content
Ease your implementation with itsme
TypeScript Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

npm version

Itsme® client

This library's purpose it to make your server's communication with itsme® more pleasant.

itsme-client discovers the OpenID configuration of itsme and allows you to easily exchange tokens without worrying about fetching, caching, signing and encrypting.


  • Endpoint discovery
  • Exchanging an Authorization Token
  • Extracting claims from an ID Token
  • Getting claims from the User Info endpoint
  • Extracting your public keys as a JWK Set
  • Decrypting and verifying JWTs
  • Encrypting and signing JWTs
  • Key rollover
  • Normalizing returned values

The library is written in TypeScript, so typings are available. Plain Node.js will also work.


Initialize ItsmeClient

import { createKeyStore, IdentityProvider, ItsmeClient } from 'itsme-client';

async function initItsmeClient() {
    const itsmeDiscoveryUrl = '';
    const itsmeProvider = await;
    return new ItsmeClient(itsmeProvider, {
        clientId: 'your client id here',
        keyStore: await createKeyStore(yourJwkSet),

Obtaining user info with an Authorization token

import { ItsmeClient } from 'itsme-client';

async function wrapper(itsmeClient: ItsmeClient) {
    const token = await itsmeClient.exchangeAuthorizationCode(
        'Authorization code here',
        'https://your-redirect.url/here', // The callback used to acquire the Authorization code

    // Get the user info via the userInfo endpoint
    const userInfo = await itsmeClient.userInfoComplete(token.access_token);

    // Same thing with intermediary steps
    const userInfoJwt = await itsmeClient.userInfo(accessToken);
    const decryptedUserInfo = await itsmeClient.decryptUserInfo(userInfoJwt);
    const userInfoStepByStep = await itsmeClient.verifyUserInfo(decryptedUserInfo);

    // Or get the claims via the ID Token
    const idTokenPayload = await itsmeClient.decryptAndVerifyIdToken(token.id_token);

Extracting your public keys as a JWK Set

This library supports extracting your public keys as a JWK Set for easy exposure via URL or other means.


Responses contains examples of responses of certain methods.

You can’t perform that action at this time.