🧪 Authorization in a browser

caution

@experimental This functionality is experimental and subject to change.

There are a few prerequisites for using @globus/sdk for authorization:

  • An application accessible via a URL – localhost is acceptable.
  • A registered Globus application configured to allow redirects to the application URL.
  • The UUID of the registered client application.

authorization.pkce

authorization.pkce acts as a factory for creating a PKCEAuthorization instance.

import { authorization } from "@globus/sdk";

/**
 * @see https://docs.globus.org/api/auth/developer-guide/#pkce
 */

/**
 * @example "bb8b1927-8b64-4c68-a025-dd7daca20cbd" // globus-js : react-pkce : Native Client
 * @see https://docs.globus.org/api/auth/developer-guide/#register-app
 * @see https://auth.globus.org/v2/web/developers
 */
const GLOBUS_NATIVE_CLIENT_ID = "bb8b1927-8b64-4c68-a025-dd7daca20cbd";

const pkce = authorization.pkce({
  client_id: GLOBUS_NATIVE_CLIENT_ID,
  /**
   * The redirect URI Globus Auth will send requests to after authorization.
   */
  redirect_uri: "http://localhost:3000",
  /**
   * Any supported Globus scopes required by your application.
   */
  requested_scopes:
    "openid profile email urn:globus:auth:scope:transfer.api.globus.org:all",
});

Given a configuration, the instance provides methods for authorizing a user, managing storage (via localStorage) of generated tokens, and more.

There are three primary methods your application will likely use:

  • pkce.redirect() – Redirects the user to Globus Auth to authorize your application.
    • This is typically called on a button click (i.e. "Log In") or other user action.
  • pkce.handleCodeRedirect() – Handles the redirect from Globus Auth after the user has authorized your application.
    • This method will need to be called on some lifecycle event at your redirect_uri – for example, in a React application, this could be in a useEffect hook.
  • pkce.hasToken() – Returns a boolean indicating whether or not the user has a valid access token for the configured scope.

Next Steps