Implements OpenID Connect.

For usage, see OAuth 2.0 provider with PKCE.

import { Google } from "arctic";

const google = new Google(clientId, clientSecret, redirectURI);
const url: URL = await google.createAuthorizationURL(state, codeVerifier, {
	// optional
	scopes // "openid" always included
const tokens: GoogleTokens = await google.validateAuthorizationCode(code, codeVerifier);
const tokens: GoogleRefreshedTokens = await google.refreshAccessToken(refreshToken);

Get user profile

Add the profile scope. Optionally add the email scope to get user email.

const url = await google.createAuthorizationURL(state, codeVerifier, {
	scopes: ["profile", "email"]

Parse the ID token or use the userinfo endpoint. See ID token claims.

const tokens = await google.validateAuthorizationCode(code, codeVerifier);
const response = await fetch("", {
	headers: {
		Authorization: `Bearer ${tokens.accessToken}`
const user = await response.json();

Get refresh token

Set the access_type param to offline. You will only get the refresh token only in the first sign in.

const url = await google.createAuthorizationURL();
url.searchParams.set("access_type", "offline");