Version 3 - beta
This site is referring to the latest generation 3 of the JSO library.
Currently it is less table than the stable branch.
This is a guide to get started using JSO.
Pleae report to the issue tracker if you discover errors in the documentation or the software.
If you discover errors or would like to contribute to this documentation, the documentation is available on a public github repo, and feel free to submit pull requests.
Preferrably you may obtain JSO using bower.io.
Alternatively, you may obtain the source from github by downloading or cloning the source.
Once you got JSO locally, you'll need to load the library in your web application.
If you use requirejs, you may load the library like this:
If you would like to fork the library, modify or contribute to development, you must use should use AMD loading, and refer to the
src/jso version, like this:
Instructions on how to use JSO with component is not yet available. Power users with experence with component: feel free to send a pulll request with some basic instructions.
To start using JSO, you need to initialize a new JSO object with configuration for an OAuth 2.0 Provider:
Here are more options to JSO:
- OPTIONAL This is just a name tag that is used to prefix data stored in the browser. It can be anything you'd like :)
- The client idenfier of your client that is trusted by the provider. As JSO uses the implicit grant flow, there is now use for a client secret.
- OPTIONAL (may be needed by the provider). The URI that the user will be redirected back to when completed. This should be the same URL that the page is presented on.
- OPTIONAL How to present the token with the protected calls. Values can be
qs(in query string) or
header(default; in authorization header).
- OPTIONAL Seconds with default lifetime of an access token. If set to
false, it means permanent.
- A scope that indicates that the lifetime of the access token is infinite. (not yet tested.)
- Some OAuth providers does not support the
stateparameter. When this parameter is missing, the consumer does not which provider that is sending the access_token. If you only provide one provider config, or set isDefault to
truefor one of them, the consumer will assume this is the provider that sent the token.
- For providers that does not support
state: If state was not provided, and default provider contains a scope parameter we assume this is the one requested... Set this as the same list of scopes that you provide to
- Control what scopes are requested in the authorization request.
- If debug is set to true, verbose logging will make it easier to debug problems with JSO.
Catching the response when the user is returning
On the page (usually the same) that the user is sent back to after authorization, typically the
redirect_uri endpoint, you would need to call the
callback-function on JSO to tell it to check for response parameters:
Be aware to run the
callback() function early, and before you router and before you start using the jso object to fetch data.
Getting the token
You may avoid using jQuery, and handle the access token all by your self. To get an token, use the
You may also ensure that a token is available early in your application, to force all user interaction and redirection to happen before your application is fully loaded. To do that make a call to getToken, and wait for the callback before you continue.
You may wipe all stored tokens, in order to simulate a logout experience:
Performing authenticated CORS API calls
With JSO, you do not need to think of the OAuth token themselves, instead you can use JSO