{"id":22268210,"url":"https://github.com/curityio/javascript-assisted-token-website","last_synced_at":"2026-01-05T08:34:46.545Z","repository":{"id":52856071,"uuid":"242350290","full_name":"curityio/javascript-assisted-token-website","owner":"curityio","description":"An example of the assisted token flow using JavaScript and JQuery","archived":false,"fork":false,"pushed_at":"2021-04-16T09:20:54.000Z","size":17,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-01-30T13:31:34.788Z","etag":null,"topics":["assisted-token","code-example","oauth2","openid-connect","spa"],"latest_commit_sha":null,"homepage":"https://curity.io/resources/learn/javascript-assisted-token-sample/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/curityio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-02-22T13:55:24.000Z","updated_at":"2023-04-26T10:46:10.000Z","dependencies_parsed_at":"2022-08-23T09:20:46.476Z","dependency_job_id":null,"html_url":"https://github.com/curityio/javascript-assisted-token-website","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fjavascript-assisted-token-website","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fjavascript-assisted-token-website/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fjavascript-assisted-token-website/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fjavascript-assisted-token-website/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curityio","download_url":"https://codeload.github.com/curityio/javascript-assisted-token-website/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245486240,"owners_count":20623239,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assisted-token","code-example","oauth2","openid-connect","spa"],"created_at":"2024-12-03T11:11:54.238Z","updated_at":"2026-01-05T08:34:46.479Z","avatar_url":"https://github.com/curityio.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JavaScript Assisted Token Example\n\n[![Quality](https://img.shields.io/badge/quality-demo-red)](https://curity.io/resources/code-examples/status/)\n[![Availability](https://img.shields.io/badge/availability-source-blue)](https://curity.io/resources/code-examples/status/)\n\nThis example shows how the assisted token flow can be used with a JavaScript client. One part of the example uses JQuery to call an API, but that library is only needed for that part, and isn't a requirement of the assisted token flow or the client library.\n\n\u003e *NOTE*: A very similar version of this example used to ship with the Curity Identity Server.\n\n## Setup\n\nThis sample is easiest to run after executing the basic setup wizard. It assumes that URIs for various endpoints use the ones created by that wizard. If this doesn't match your setup, some parts of the HTML and JavaScript in `index.html` will requires changes. \n\nThe client that is used in the example is called `client-assisted-example`. This can be imported by running the [sample configuration](https://developer.curity.io/release/5.0.0/configuration-samples) that accompanies each release of the Curity Identity Serve, and can be found in the developer portal. If this configuration isn't used, the following client (or one very similar to it) should be defined:\n\n```xml\n\u003cconfig xmlns=\"http://tail-f.com/ns/config/1.0\"\u003e\n  \u003cprofiles xmlns=\"https://curity.se/ns/conf/base\"\u003e\n  \u003cprofile\u003e\n  \t\u003c!-- This is the profile ID created by the basic setup wizard, but may require changes in your setup. --\u003e\n    \u003cid\u003etoken-service\u003c/id\u003e\n    \u003ctype xmlns:as=\"https://curity.se/ns/conf/profile/oauth\"\u003eas:oauth-service\u003c/type\u003e\n      \u003csettings\u003e\n      \u003cauthorization-server xmlns=\"https://curity.se/ns/conf/profile/oauth\"\u003e\n      \u003cclient-store\u003e\n      \u003cconfig-backed\u003e\n      \u003cclient\u003e\n        \u003cid\u003eclient-assisted-example\u003c/id\u003e\n        \u003c!-- Will require changes if different host or port is used --\u003e\n        \u003callowed-origins\u003ehttp://localhost:8080\u003c/allowed-origins\u003e\n        \u003ccapabilities\u003e\n          \u003cassisted-token/\u003e\n        \u003c/capabilities\u003e\n      \u003c/client\u003e\n      \u003c/config-backed\u003e\n      \u003c/client-store\u003e\n      \u003c/authorization-server\u003e\n      \u003c/settings\u003e\n  \u003c/profile\u003e\n  \u003c/profiles\u003e\n\u003c/config\u003e\n```\n\nThe important parts of this configuration are:\n\n* The client ID needs to match the one in the JavaScript in `index.html` at line 76.\n* The client and profile have to have the assisted token flow enabled.\n* The allowed origin should match the one used to host `index.html` (the JavaScript client). For testing, `*` can be used, but is _not_ recommended.\n\n## Serving the Sample\n\nThe sample is a static HTML page. This makes it very easy to host anywhere. For instance, it can be hosted with this one line command:\n\n```bash\n$ npx http-server\n```\n\nThis will work for most of the use cases covered by the example, but not all. To make all of them work, the `server.js` file should be used with Node.js like this:\n\n```bash\n$ node server.js\n```\n\nThis will ensure that the example demonstrating how to call an API works. Also, the second example showing SSO requires this.\n\nOnce the static HTML is served, by hook or by crook, download it into a browser and try it out. \n\n## More Information\n\nMore information about the assisted token flow and other related samples can be found at these locations:\n\n* [Angular example](https://github.com/curityio/angular-assisted-token-website)\n* [React example](https://github.com/curityio/react-assisted-token-website)\n* Assisted token flow [blog post and presentation](https://nordicapis.com/assisted-token-flow-the-answer-to-oauth-integration-in-single-page-applications/) on Nordic APIs\n* Assisted token draft [protocol specification](https://datatracker.ietf.org/doc/draft-ideskog-assisted-token/)\n* [Other developer resources and example](https://developer.curity.io/) on the Curity.io Web site\n\n## Licensing\n\nThis software is copyright (C) 2020 Curity AB. It is open source software that is licensed under the [Apache 2 license](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fjavascript-assisted-token-website","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcurityio%2Fjavascript-assisted-token-website","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fjavascript-assisted-token-website/lists"}