Authorization Code Sample

This is a fully client-side implementation of the OAuth 2.0 Authorization Code Grant. It's meant to be a reference implementation for using the Getty API on behalf of users who sign in with their own Getty or iStock credentials.

This form of the Authorization Code grant does not use a client secret. Instead, it uses the PKCE extension to help keep the access token secure from any malicious scripts or apps on the user's device. PKCE ties the authorization code to the client that started the login, so a code intercepted on the redirect cannot be exchanged for a token without the matching verifier.

This project does not rely on any third-party libraries or packages.
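
The PKCE step described above can be done with the browser's built-in Web Crypto API alone. The following is an added example, not this project's own code: the function names are hypothetical, and the authorization endpoint, client ID and redirect URI are supplied by the caller.

```javascript
// Added example: PKCE (RFC 7636) with the S256 method, using only Web Crypto.
// The fallback covers older Node.js versions that lack a global `crypto`.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// base64url without padding, as RFC 7636 requires for verifier and challenge.
function base64url(bytes) {
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// 32 random bytes give a 43-character value, the minimum verifier length allowed.
function createRandomToken() {
  return base64url(webCrypto.getRandomValues(new Uint8Array(32)));
}

// code_challenge = BASE64URL(SHA-256(ASCII(code_verifier)))
async function challengeFor(verifier) {
  const digest = await webCrypto.subtle.digest('SHA-256', new TextEncoder().encode(verifier));
  return base64url(new Uint8Array(digest));
}

// Step 1 (browser): build the authorization redirect. The verifier and state stay
// with the client; only the challenge (a hash of the verifier) travels in the URL.
async function buildAuthorizationRequest({ authEndpoint, clientId, redirectUri }) {
  const verifier = createRandomToken();
  const state = createRandomToken(); // compared on the redirect back (CSRF check)
  const url = new URL(authEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
    code_challenge: await challengeFor(verifier),
    code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), verifier, state };
}

// Step 2 (authorization server, modelled here): the token request is honoured only
// if the presented code_verifier hashes to the challenge stored with the code.
async function verifierMatches(presentedVerifier, storedChallenge) {
  return (await challengeFor(presentedVerifier)) === storedChallenge;
}
```

The client keeps `verifier` and `state` until the redirect returns, compares `state`, then sends `verifier` as `code_verifier` in the token request.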

Running locally

After cloning this repository, the simplest way to test it out is by using Docker. The following snippet assumes the presence of make on your system.

git clone https://github.com/gettyimages/gettyimages-api.git
cd gettyimages-api/javascript/auth-code-client-side
make

If you do not have make installed, you can start the Docker container with:

docker run -d -v "$PWD":/usr/share/nginx/html --name nginx-authcode --rm -p 8080:80 nginx:mainline-alpine

Once the nginx container starts up...

  1. Open a browser and navigate to http://localhost:8080.
  2. Enter your API Key in the box and click Set API Key.
  3. Click Login; you will be prompted for your Getty or iStock user credentials.
  4. Your browser will be redirected, and you should then see some photos of dogs.

When you are finished trying it out, type:

make stop

This will stop the nginx container and delete it.

Details

The application uses local and session storage to store things like the API Key you entered and the access and refresh tokens retrieved. This way you can see how things work between browser sessions. Both stores are readable by any script that runs on the page's origin. Once you've logged in, you can navigate back to the main page and click on Use refresh token, which will get a new access token using the stored refresh token and then redirect to the search results page once again.