Globus SDK for JavaScript
    Preparing search index...

    Class AuthorizationManager

    Provides management of Globus authorization context for your application.

    • Handles the OAuth protcol flow (via PKCE)
    • Token lifecycle management
    • Common errors (e.g., ConsentRequired, authorization_requirements)

    Once you configure your instance, you can determine the authenticated state using manager.authenticated.

    To prompt a user to authenticate, call manager.login() on user interaction – this will initiate the OAuth protocol flow with your configured client and scopes, resulting in an initial redirect to Globus Auth.

    Once the user authenticates with Globus Auth, they will be redirected to your application using the configured redirect URL. On this URL, you will need to call manager.handleCodeRedirect (using a manager instance configured in the same manner that initiated the manager.login() call) to complete the PKCE flow, exchanging the provided code for a valid token, or tokens.

    All tokens managed by the AuthorizationManager instance can be found on manager.token.

    The AuthorizationManager expects your Globus Application to be registered as an OAuth public client. In this Globus Web Application, this option is referenced as "Register a thick client or script that will be installed and run by users on their devices".

    import { authorization } from "globus/sdk";

    const manager = authorization.create({
     // Your registered Globus Application client ID.
     client: '...',
     // The redirect URL for your application; Where you will call `manager.handleCodeRedirect()`
     redirect: 'https://example.com/callback',
     // Known scopes required by your application.
     scopes: 'urn:globus:auth:scope:transfer.api.globus.org:all',
    });

    Once you have an instance of an AuthorizationManager, it can be passed to any service method as ServiceMethodOptions.manager or SDKOptions.manager option. The service method will determine if a token is required to make the request and will use the AuthorizationManager to retrieve the token.

    import { transfer } from "globus/sdk";
    const manager = authorization.create({ ... });
    const result = await (
     await globus.transfer.endpointSearch({
       query: { filter_fulltext: "Globus"},
       manager
     })
    ).json();
    Index

    Constructors

    constructor

    Properties

    configuration events storage tokens

    Accessors

    authenticated storageKeyPrefix user

    Methods

    addTokenResponse getGlobusAuthToken handleAuthorizationRequirementsError handleCodeRedirect handleConsentRequiredError handleErrorResponse hasGlobusAuthToken login prompt refreshToken refreshTokens reset revoke

    Constructors

    Properties

    configuration: AuthorizationManagerConfiguration
    events: {
        authenticated: Event<
            "authenticated",
            { isAuthenticated: boolean; token?: TokenResponse },
        >;
        revoke: Event<"revoke", unknown>;
    } = ...

    Type Declaration

    • authenticated: Event<"authenticated", { isAuthenticated: boolean; token?: TokenResponse }>

      Emitted when the authenticated state changes. AuthorizationManager.events#authenticated

    • revoke: Event<"revoke", unknown>

      Emitted when the user revokes their authentication. AuthorizationManager.events#revoke

    storage: Storage

    The storage system used by the AuthorizationManager.

    Storage

    tokens: TokenManager

    Accessors

    Methods

    • This method will attempt to complete the PKCE protocol flow.

      Parameters

      • options: {
            additionalParams?: { [key: string]: string };
            includeConsentedScopes?: boolean;
            shouldReplace?: boolean;
        } = ...

      Returns Promise<any>

    • Process a well-formed ConsentRequired error response from a Globus service and redirect the user to the Globus Auth login page with the necessary parameters.

      Parameters

      Returns Promise<void>

    • Handle an error response from a Globus service in the context of this AuthorizationManager. This method will introspect the response and attempt to handle any errors that should result in some additional Globus Auth interaction.

      Parameters

      • response: Record<string, unknown>

        The error response from a Globus service.

      • Optionaloptions: true | { additionalParams?: { [key: string]: string }; execute?: true }

        Options for handling the error response. If a boolean is provided, this will be treated as the options.execute value.

        • true
        • { additionalParams?: { [key: string]: string }; execute?: true }
          • OptionaladditionalParams?: { [key: string]: string }

            Additional query parameters to be included with the transport generated URL.

          • Optionalexecute?: true

            Whether to execute the handler immediately.

      Returns Promise<void>

    • Handle an error response from a Globus service in the context of this AuthorizationManager. This method will introspect the response and attempt to handle any errors that should result in some additional Globus Auth interaction.

      Parameters

      • response: Record<string, unknown>

        The error response from a Globus service.

      • Optionaloptions: false | { additionalParams?: { [key: string]: string }; execute?: false }

        Options for handling the error response. If a boolean is provided, this will be treated as the options.execute value.

        • false
        • { additionalParams?: { [key: string]: string }; execute?: false }
          • OptionaladditionalParams?: { [key: string]: string }

            Additional query parameters to be included with the transport generated URL.

          • Optionalexecute?: false

            Whether to execute the handler immediately.

      Returns Promise<() => Promise<void>>

    • Initiate the login process by redirecting to the Globus Auth login page.

      IMPORTANT: This method will reset the instance state before initiating the login process, including clearing all tokens from storage. If you need to maintain the current state, use the AuthorizationManager.prompt() method.

      Parameters

      • options: { additionalParams: {} } = ...

      Returns Promise<unknown>

      Passing parameters to the transport.
      const result = await manager.login({
        additionalParams: {
          redirect_uri: '/oauth/redirect-uri-runtime-override',
        },
      });

    • Prompt the user to authenticate with Globus Auth.

      Parameters

      • Optionaloptions: Partial<TransportOptions>

      Returns Promise<unknown>

      Passing parameters to the transport.
      const result = await manager.prompt({
        additionalParams: {
          redirect_uri: '/oauth/redirect-uri-runtime-override',
        },
      });

    • Reset the authenticated state and clear all tokens from storage. This method does not emit the revoke event. If you need to emit the revoke event, use the AuthorizationManager.revoke method.

      Returns void

    • Call AuthroizationManager.reset, revoke all of the available tokns, and emit the revoke event.

      Returns Promise<void>

      AuthorizationManager.events#revoke

      AuthorizationManager.reset

    Settings

    Member Visibility

    On This Page

    Registering your Globus ApplicationUsage with Service Methods
    Constructors
    Properties
    Accessors
    Methods