Skip to main content
The Accounts SDK (@livechat/accounts-sdk) is a JavaScript library that lets you implement the Sign in with Text flow — the easiest way to get access to basic information in Text accounts. The Sign in with Text flow lets you:
  • Get access to the Text account user’s email, account ID, or organization ID.
  • Receive an access_token that can be used to perform API calls.
  • Receive a code using the PKCE extension, which could be then used to obtain the account’s refresh_token and access_token.

User flow

Users start the flow by clicking the Sign in with Text button. If a user is not signed in, they’ll be asked to do that. Then, the user must give the app access to the specified parts of their Text account. Finally, the app receives an access_token that allows it to perform different API calls, limited to what the user agreed to in the prompt.

How to start

Step 1: Create a new app

Go to Settings → API access → OAuth clients and create a new OAuth client. You will receive a new client_id to use in the next steps. The Redirect URI field must match the URL of the website that has the Sign in with Text button installed. The button will not work with any other URL addresses.

Step 2: Include the SDK library

Install the SDK from NPM:

Step 3: Prepare button container

Prepare the login button, which will invoke the authorization flow when a user clicks it.
Use prompt: "consent" to force the app to ask you for access to certain resources.

Accounts SDK reference

Following classes and methods are available in the Accounts SDK:

AccountsSDK

The main instance of the SDK used to authorize users in Text Accounts.
The constructor accepts an options object with the following properties: The transaction object consists of the following parameters: In the pkce object, define the following configuration properties: Returns a Popup object instance built on top of sdk.

redirect

Returns a Redirect object instance built on top of sdk.

authorizeURL

Creates an authorization URL for the given flow and parameters.

verify

Verifies if the state parameter from the redirect matched the one provided upon initialization. If it does, the method returns Transaction. Otherwise, it returns null.
A class responsible for acquiring the user authorization data through a popup window.
A popup object instance can also be created via sdk:

authorize

Returns a promise that resolves with the user authorization data or an error.
The Sample app with the popup flow has a fully implemented authorization flow.

Redirect

A class responsible for acquiring the user authorization data through the redirect method.
A redirect object instance can also be created via sdk:

authorize

Starts the redirect authorization flow.

authorizeData

Checks if a user was redirected to the current origin with the authorization data. Returns a promise that resolves with the user authorization data or an error.
The Sample app with the redirect flow has a fully implemented authorization flow.

PKCE support

To acquire both access_token and refresh_token in a frontend application, use the PKCE Extension, which prevents the usage of a hijacked redirect by malicious apps.
  1. Start by enabling PKCE. Provide AccountsSDK instance with PKCE options:
  1. Then, using the redirect flow, you’re able to receive the code authorization data:

Response format

All authorize methods return the user authorization data on success, or an error on failure.

Success

Error

If the authorization process fails, the promise will be rejected with an error:

identity_exception

Possible values:
  • unauthorized – The resource owner identity is unknown or the consent is missing.

oauth_exception

Possible values:
  • invalid_request – The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
  • unauthorized_client – The client is not authorized to request a token using this method.
  • access_denied – The resource owner or authorization server denied the request.
  • unsupported_response_type – The authorization server doesn’t support acquiring a token using this method.