Class AuthorizationManager

constructor

• new AuthorizationManager(
      configuration: AuthorizationManagerConfiguration,
  ): AuthorizationManager

  Parameters

  • configuration: AuthorizationManagerConfiguration

  Returns AuthorizationManager

configuration

events

storage

tokens

authenticated

• get authenticated(): boolean

  The AuthorizationManager is considered authenticated if it has a valid Globus Auth token. It does not necessarily mean that it has a valid token for a specific resource server.

  Returns boolean
• set authenticated(value: boolean): void

  Set the authenticated state and emit the authenticated event.

  Parameters

  • value: boolean

  Returns void

storageKeyPrefix

• get storageKeyPrefix(): string

  Returns string

user

• get user(): null | JwtUserInfo

  The user information decoded from the id_token (JWT) of the current Globus Auth token. This method can be used instead of auth.oauth2.userinfo to get the user information without an additional request.

  IMPORTANT: The id_token can only be processed if the openid scope is requested during the authorization process.

  Additionally, the profile and email scopes are required to get the full user information.

  Returns null | JwtUserInfo

  See

  https://docs.globus.org/api/auth/reference/#oidc_userinfo_endpoint

addTokenResponse

• addTokenResponse(token: Token | TokenResponse): void

  Add a Globus Auth token response to storage, if other_tokens are present they are also added. This method is mostly used internally by the AuthorizationManager, but can be used by downstream consumers to add tokens to storage if necessary.

  Parameters

  • token: Token | TokenResponse

  Returns void

getGlobusAuthToken

• getGlobusAuthToken(): any

  Retrieve the Globus Auth token managed by the instance.

  Returns any

handleAuthorizationRequirementsError

• handleAuthorizationRequirementsError(
      response: AuthorizationRequirementsError,
      options?: { additionalParams?: { [key: string]: string } },
  ): Promise<void>

  Process a well-formed Authorization Requirements error response from a Globus service and redirect the user to the Globus Auth login page with the necessary parameters.

  Parameters

  • response: AuthorizationRequirementsError
  • Optionaloptions: { additionalParams?: { [key: string]: string } }

  Returns Promise<void>

handleCodeRedirect

• handleCodeRedirect(
      options?: {
          additionalParams?: { [key: string]: string };
          includeConsentedScopes?: boolean;
          shouldReplace?: boolean;
      },
  ): Promise<any>

  This method will attempt to complete the PKCE protocol flow.

  Parameters

  • options: {
        additionalParams?: { [key: string]: string };
        includeConsentedScopes?: boolean;
        shouldReplace?: boolean;
    } = ...

  Returns Promise<any>

handleConsentRequiredError

• handleConsentRequiredError(
      response: ConsentRequiredError,
      options?: { additionalParams?: { [key: string]: string } },
  ): Promise<void>

  Process a well-formed ConsentRequired error response from a Globus service and redirect the user to the Globus Auth login page with the necessary parameters.

  Parameters

  • response: ConsentRequiredError
  • Optionaloptions: { additionalParams?: { [key: string]: string } }

  Returns Promise<void>

handleErrorResponse

• handleErrorResponse(
      response: Record<string, unknown>,
      options?:
          | true
          | { additionalParams?: { [key: string]: string }; execute?: true },
  ): Promise<void>

  Handle an error response from a Globus service in the context of this AuthorizationManager. This method will introspect the response and attempt to handle any errors that should result in some additional Globus Auth interaction.

  Parameters

  • response: Record<string, unknown>

    The error response from a Globus service.
  • Optionaloptions: true | { additionalParams?: { [key: string]: string }; execute?: true }

    Options for handling the error response. If a boolean is provided, this will be treated as the options.execute value.

    • true
    • { additionalParams?: { [key: string]: string }; execute?: true }

      • OptionaladditionalParams?: { [key: string]: string }

      • Optionalexecute?: true

        Whether to execute the handler immediately.

  Returns Promise<void>
• handleErrorResponse(
      response: Record<string, unknown>,
      options?:
          | false
          | { additionalParams?: { [key: string]: string }; execute?: false },
  ): Promise<() => Promise<void>>

  Handle an error response from a Globus service in the context of this AuthorizationManager. This method will introspect the response and attempt to handle any errors that should result in some additional Globus Auth interaction.

  Parameters

  • response: Record<string, unknown>

    The error response from a Globus service.
  • Optionaloptions: false | { additionalParams?: { [key: string]: string }; execute?: false }

    Options for handling the error response. If a boolean is provided, this will be treated as the options.execute value.

    • false
    • { additionalParams?: { [key: string]: string }; execute?: false }

      • OptionaladditionalParams?: { [key: string]: string }

      • Optionalexecute?: false

        Whether to execute the handler immediately.

  Returns Promise<() => Promise<void>>

hasGlobusAuthToken

• hasGlobusAuthToken(): boolean

  Whether or not the instance has a reference to a Globus Auth token.

  Returns boolean

login

• login(options?: { additionalParams: {} }): Promise<void>

  Initiate the login process by redirecting to the Globus Auth login page.

  IMPORTANT: This method will reset the instance state before initiating the login process, including clearing all tokens from storage. If you need to maintain the current state, use the AuthorizationManager.prompt method.

  Parameters

  • options: { additionalParams: {} } = ...

  Returns Promise<void>

prompt

• prompt(options?: Partial<RedirectTransportOptions>): Promise<void>

  Prompt the user to authenticate with Globus Auth.

  Parameters

  • Optionaloptions: Partial<RedirectTransportOptions>

  Returns Promise<void>

refreshToken

• refreshToken(token: TokenWithRefresh): Promise<null | TokenResponse>

  Use the refresh_token attribute of a token to obtain a new access token.

  Parameters

  • token: TokenWithRefresh

    The well-formed token with a refresh_token attribute.

  Returns Promise<null | TokenResponse>

refreshTokens

• refreshTokens(): Promise<PromiseSettledResult<null | TokenResponse>[]>

  Attempt to refresh all of the tokens managed by the instance. This method will only attempt to refresh tokens that have a refresh_token attribute.

  Returns Promise<PromiseSettledResult<null | TokenResponse>[]>

reset

• reset(): void

  Reset the authenticated state and clear all tokens from storage. This method does not emit the revoke event. If you need to emit the revoke event, use the AuthorizationManager.revoke method.

  Returns void

revoke

• revoke(): Promise<void>

  Call AuthroizationManager.reset, revoke all of the available tokns, and emit the revoke event.

  Returns Promise<void>

  Emits

  AuthorizationManager.events#revoke

  See

  AuthorizationManager.reset