Emitted when the authenticated state changes. AuthorizationManager.events#authenticated
Emitted when the user revokes their authentication. AuthorizationManager.events#revoke
The storage system used by the AuthorizationManager
.
The AuthorizationManager
is considered authenticated
if it has a valid Globus Auth token.
It does not necessarily mean that it has a valid token for a specific resource server.
Set the authenticated state and emit the authenticated
event.
The user information decoded from the id_token
(JWT) of the current Globus Auth token.
This method can be used instead of auth.oauth2.userinfo
to get the user information without an additional request.
IMPORTANT: The id_token
can only be processed if the openid
scope is requested during the authorization process.
Additionally, the profile
and email
scopes are required to get the full user information.
Add a Globus Auth token response to storage, if other_tokens
are present they are also added.
This method is mostly used internally by the AuthorizationManager
, but can be used by downstream
consumers to add tokens to storage if necessary.
Process a well-formed Authorization Requirements error response from a Globus service and redirect the user to the Globus Auth login page with the necessary parameters.
Optional
options: { additionalParams?: { [key: string]: string } }This method will attempt to complete the PKCE protocol flow.
Process a well-formed ConsentRequired
error response from a Globus service
and redirect the user to the Globus Auth login page with the necessary parameters.
Optional
options: { additionalParams?: { [key: string]: string } }Handle an error response from a Globus service in the context of this AuthorizationManager
.
This method will introspect the response and attempt to handle any errors that should result
in some additional Globus Auth interaction.
The error response from a Globus service.
Optional
options: true | { additionalParams?: { [key: string]: string }; execute?: true }Options for handling the error response. If a boolean is provided, this will be treated as the options.execute
value.
Optional
additionalParams?: { [key: string]: string }Optional
execute?: trueWhether to execute the handler immediately.
Handle an error response from a Globus service in the context of this AuthorizationManager
.
This method will introspect the response and attempt to handle any errors that should result
in some additional Globus Auth interaction.
The error response from a Globus service.
Optional
options: false | { additionalParams?: { [key: string]: string }; execute?: false }Options for handling the error response. If a boolean is provided, this will be treated as the options.execute
value.
Optional
additionalParams?: { [key: string]: string }Optional
execute?: falseWhether to execute the handler immediately.
Initiate the login process by redirecting to the Globus Auth login page.
IMPORTANT: This method will reset the instance state before initiating the login process,
including clearing all tokens from storage. If you need to maintain the current state,
use the AuthorizationManager.prompt
method.
Provides management of Globus authorization context for your application.
ConsentRequired
,authorization_requirements
)Once you configure your instance, you can determine the authenticated state using
manager.authenticated
.To prompt a user to authenticate, call
manager.login()
on user interaction – this will initiate the OAuth protocol flow with your configured client and scopes, resulting in an initial redirect to Globus Auth.Once the user authenticates with Globus Auth, they will be redirected to your application using the configured
redirect
URL. On this URL, you will need to callmanager.handleCodeRedirect
(using a manager instance configured in the same manner that initiated themanager.login()
call) to complete the PKCE flow, exchanging the provided code for a valid token, or tokens.All tokens managed by the
AuthorizationManager
instance can be found onmanager.token
.Registering your Globus Application
The
AuthorizationManager
expects your Globus Application to be registered as an OAuth public client. In this Globus Web Application, this option is referenced as "Register a thick client or script that will be installed and run by users on their devices".Example: Creating an AuthorizationManager instance.