client_id: Your application's unique identifier provided by Civic Auth.
refresh_token: The refresh token from the user's existing session.
grant_type: The string 'refresh_token'.
If the refresh token is valid, this returns a JSON response containing updated tokens, for example:
{
  "access_token": <JWT with sub=userId>,
  "id_token": <JWT with sub=userId, profile info & forwardedTokens>,
  "refresh_token": <string>,
  "expires_in": <how many seconds until the token expires>
}
Usage
The Civic Auth SDK is designed to simplify front-end integration, with optimized support for React and Next.js. However, if your frontend uses another framework, you can still retrieve user information after login by inspecting the ID token.
The ID token is produced after completing the login process. A common pattern is for your backend to pass that token to your frontend as a cookie.
Here’s an example of how to access user information in vanilla JavaScript by reading the ID token cookie:
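import jwt from "jsonwebtoken";

function getUserFromToken() {
  // Find the "id_token=<value>" entry among the cookies visible to this page.
  const cookie = document.cookie
    .split("; ")
    .find(row => row.startsWith("id_token="));
  if (!cookie) return null;
  // Take everything after the name so any "=" inside the value is preserved.
  const token = cookie.slice("id_token=".length);
  // jwt.decode() only parses the payload; it does not verify the signature,
  // so use the result for display and keep authorization checks on the backend.
  return jwt.decode(token);
}

const user = getUserFromToken();
console.log(user); // Log user info or use it in your app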
Civic Auth requires the use of PKCE (Proof Key for Code Exchange), so the code_challenge parameter is obligatory. For more information, see .
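The following is an added example, not code from Civic Auth's documentation or SDK. It shows how a client can derive the code_challenge and how an authorization server checks it at token exchange, assuming the S256 method from RFC 7636. All function names are hypothetical, and it runs under Node.js.

```javascript
// Added example (not Civic Auth code): PKCE per RFC 7636, S256 method assumed.
const nodeCrypto = require("node:crypto");

// base64url without padding, the encoding RFC 7636 uses for both values.
function base64url(buf) {
  return buf.toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Client: 32 random bytes give a 43-character code_verifier.
function createCodeVerifier() {
  return base64url(nodeCrypto.randomBytes(32));
}

// Client: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
function createCodeChallenge(verifier) {
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) {
    throw new Error("code_verifier must be 43-128 unreserved characters");
  }
  const digest = nodeCrypto.createHash("sha256").update(verifier, "ascii").digest();
  return base64url(digest);
}

// Server: recompute the challenge from the verifier sent with the token
// request and compare it with the one stored at authorization time.
function verifierMatchesChallenge(verifier, storedChallenge) {
  let computed;
  try {
    computed = Buffer.from(createCodeChallenge(verifier));
  } catch {
    return false; // malformed verifier never matches
  }
  const stored = Buffer.from(String(storedChallenge));
  return computed.length === stored.length &&
    nodeCrypto.timingSafeEqual(computed, stored);
}

// Hypothetical helper: the PKCE parameters a client adds to its authorization
// request. The verifier stays with the client until the token exchange.
function pkceAuthParams() {
  const codeVerifier = createCodeVerifier();
  const query = new URLSearchParams({
    code_challenge: createCodeChallenge(codeVerifier),
    code_challenge_method: "S256",
  }).toString();
  return { codeVerifier, query };
}
```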
See below for an example of using Civic Auth with a third-party library: