Globus SDK for JavaScript
    Preparing search index...

    Class AuthorizationManager

    Provides management of Globus authorization context for your application.

    • Handles the OAuth protcol flow (via PKCE)
    • Token lifecycle management
    • Common errors (e.g., ConsentRequired, authorization_requirements)

    Once you configure your instance, you can determine the authenticated state using manager.authenticated.

    To prompt a user to authenticate, call manager.login() on user interaction – this will initiate the OAuth protocol flow with your configured client and scopes, resulting in an initial redirect to Globus Auth.

    Once the user authenticates with Globus Auth, they will be redirected to your application using the configured redirect URL. On this URL, you will need to call manager.handleCodeRedirect (using a manager instance configured in the same manner that initiated the manager.login() call) to complete the PKCE flow, exchanging the provided code for a valid token, or tokens.

    All tokens managed by the AuthorizationManager instance can be found on manager.token.

    The AuthorizationManager expects your Globus Application to be registered as an OAuth public client. In this Globus Web Application, this option is referenced as "Register a thick client or script that will be installed and run by users on their devices".

    import { authorization } from "globus/sdk";

    const manager = authorization.create({
    // Your registered Globus Application client ID.
    client: '...',
    // The redirect URL for your application; Where you will call `manager.handleCodeRedirect()`
    redirect: 'https://example.com/callback',
    // Known scopes required by your application.
    scopes: 'urn:globus:auth:scope:transfer.api.globus.org:all',
    });
    Index

    Constructors

    Properties

    events: {
        authenticated: Event<
            "authenticated",
            { isAuthenticated: boolean; token?: TokenResponse },
        >;
        revoke: Event<"revoke", unknown>;
    } = ...

    Type declaration

    • authenticated: Event<"authenticated", { isAuthenticated: boolean; token?: TokenResponse }>

      Emitted when the authenticated state changes. AuthorizationManager.events#authenticated

    • revoke: Event<"revoke", unknown>

      Emitted when the user revokes their authentication. AuthorizationManager.events#revoke

    storage: Storage

    The storage system used by the AuthorizationManager.

    Storage

    tokens: TokenManager

    Accessors

    Methods

    • This method will attempt to complete the PKCE protocol flow.

      Parameters

      • options: {
            additionalParams?: { [key: string]: string };
            includeConsentedScopes?: boolean;
            shouldReplace?: boolean;
        } = ...

      Returns Promise<any>

    • Process a well-formed ConsentRequired error response from a Globus service and redirect the user to the Globus Auth login page with the necessary parameters.

      Parameters

      Returns Promise<void>

    • Handle an error response from a Globus service in the context of this AuthorizationManager. This method will introspect the response and attempt to handle any errors that should result in some additional Globus Auth interaction.

      Parameters

      • response: Record<string, unknown>

        The error response from a Globus service.

      • Optionaloptions: true | { additionalParams?: { [key: string]: string }; execute?: true }

        Options for handling the error response. If a boolean is provided, this will be treated as the options.execute value.

        • true
        • { additionalParams?: { [key: string]: string }; execute?: true }
          • OptionaladditionalParams?: { [key: string]: string }
          • Optionalexecute?: true

            Whether to execute the handler immediately.

      Returns Promise<void>

    • Handle an error response from a Globus service in the context of this AuthorizationManager. This method will introspect the response and attempt to handle any errors that should result in some additional Globus Auth interaction.

      Parameters

      • response: Record<string, unknown>

        The error response from a Globus service.

      • Optionaloptions: false | { additionalParams?: { [key: string]: string }; execute?: false }

        Options for handling the error response. If a boolean is provided, this will be treated as the options.execute value.

        • false
        • { additionalParams?: { [key: string]: string }; execute?: false }
          • OptionaladditionalParams?: { [key: string]: string }
          • Optionalexecute?: false

            Whether to execute the handler immediately.

      Returns Promise<() => Promise<void>>

    • Initiate the login process by redirecting to the Globus Auth login page.

      IMPORTANT: This method will reset the instance state before initiating the login process, including clearing all tokens from storage. If you need to maintain the current state, use the AuthorizationManager.prompt method.

      Parameters

      • options: { additionalParams: {} } = ...

      Returns Promise<void>

    • Prompt the user to authenticate with Globus Auth.

      Parameters

      • Optionaloptions: Partial<RedirectTransportOptions>

      Returns Promise<void>

    • Reset the authenticated state and clear all tokens from storage. This method does not emit the revoke event. If you need to emit the revoke event, use the AuthorizationManager.revoke method.

      Returns void

    • Call AuthroizationManager.reset, revoke all of the available tokns, and emit the revoke event.

      Returns Promise<void>

      AuthorizationManager.events#revoke

      AuthorizationManager.reset