Authentication

Snippet for authentication flow (Oauth2)

Each time the SDK refreshes the accessToken the freshTokensCallback is called with the response. You can store this data in localStorage or any other persistant data store. When you restart your application, you can check the data store for a refreshToken and use that to authenticate with the SDK.

import { createOAuth2Client } from "@extrahorizon/javascript-sdk";

const exh = createOAuth2Client({
  host: "",
  clientId: "",
  freshTokensCallback: (tokenData) => {
    localStorage.setItem("refreshToken", tokenData.refreshToken);
  },
});

try {
  const refreshToken = await localStorage.getItem("refreshToken");

  if (refreshToken) {
    await exh.auth.authenticate({
      refreshToken,
    });
  } else {
    // redirect to /login
  }
} catch (error) {
  localStorage.removeItem("refreshToken");
  // redirect to /login
}

Snippet for authentication flow (Oauth1)

You need to capture the response from the authenticate function when logging in with email / password so that subsequent SDK initializations such as app restarts can use the key / secret combination stored in persistent data storage to authenticate the current user.

Proxy client

The package export a client you can use in combination with a proxy service. The client will throw a typed error in case you need to redirect to the login page.

Local setup

If you want to use the proxy sdk locally, you need to make some changes to your local setup.

• Add 127.0.0.1 local.yourdomain.com to your /etc/hosts file (or if you are using Windows c:\Windows\System32\Drivers\etc\hosts)

• Start your server with https enabled.

  • For Mac/Linux, this can be done by running HTTPS=true yarn start.

  • For Windows, you have to add HTTPS=true to your user environment. Once the variable has been set, run yarn start.

• Open your browser https://local.yourdomain.com:3000/ and skip the security warning.

Snippet for stored credentials

When you already use the exh/cli tool, you can use this snippet to initialize. More info: https://docs.extrahorizon.com/cli/setup/credentials

Other examples

OAuth1

Token authentication with optional skip

The skipTokenCheck saves ~300ms by skipping validation on your token and tokenSecret.

Email authentication

OAuth2

Password Grant flow

Authorization Code Grant flow with callback

• Generating an Authorization Code is out of scope for this snippet, but generally:

  • Your application has a login/authorization page

  • It allows the user to login to your application

  • Shows the information about the (other, 3rd party) application requesting access

  • After consent to give access to the user its account, redirects the user to the application

• The (3rd party) application then receives the Authorization Code in the query parameters

• Capture the query params on the redirect uri

• Authenticate with the code query param

Refresh Token Grant flow

Password Grant flow with two-step MFA in try / catch

Confidential Applications

If you are using a confidential application in combination with React-Native. The SDK will add btoa function to your global scope. See https://github.com/ExtraHorizon/javascript-sdk/issues/446

Creating applications

Example

If you want to create an application can you use generic to determine the correct application and application version type.

ie. creating an OAuth1 application with a version.

Typeguards

If you need a typeguard, you can use the following snippets.