Setup and Authorization
FreJun supports the OAuth 2.0 standard for authorizing third-party applications.
To get started:
- Visit https://product.frejun.com and log in.
- Navigate to the Settings section.
- Go to the Developer tab.
- Click on your existing OAuth app, or select Create App to register a new one.
Once your app is created, you’ll be redirected to a page displaying your Client ID and Client Secret.
Use these credentials to:
- Generate access and refresh tokens for authenticating with FreJun APIs.
- Subscribe to FreJun webhooks.
Requirements
- An active Frejun account.
- The following details are required while creating the app.
| Parameter | Description |
|---|---|
| Name | Name of your App |
| Redirect/Callback URI | Users will be redirected to this URL after granting access to your app |
Connecting your application with FreJun
- Build the Authorization URL with your application's
client_idand redirect the user there. It should look like this:
https://product.frejun.com/oauth/authorize/?client_id=<client_id>
You can append extra query parameters to the authorization URL. These parameters will be preserved and passed back as-is to the specified redirect_uri, for example:
https://product.frejun.com/oauth/authorize/?client_id=<client_id>&redirect_uri=<your_new_redirect_uri>&state=<your_custom_state>&username=<some_username>
After successful authentication, the user will be redirected to:
<redirect_url>?code=<oauth_code>&email=<user_email>&state=<your_custom_state>&username=<some_username>
- Once the user reaches the Authorization page, they will be prompted to log in to FreJun (if not logged in already) and will be redirected to a consent page where they can Accept or Decline.
- On Accepting, the user will be redirected to the redirect URL
provided while creating the app with
codeandemailof the user attached as a query param:<redirect_url>?code=<authorization_code>&email=<user_email>
Instead of always relying on the fixed redirect URI configured at the time of app creation, you can make it dynamic by passing it as a query parameter in the authorization URL, for example:
https://product.frejun.com/oauth/authorize/?client_id=<client_id>&redirect_uri=<your_new_redirect_uri>
- On Declining, the user will be redirected to the redirect URL
provided while creating the app with
codeattached as an empty string:<redirect_url>?code= - The
codeobtained can be used to create Access & Refresh tokens by invoking the create token endpoint.
The authorization code is only valid for 10 minutes.
We also post a message back to the opener of the consent window containing the code and any other parameters that are appended to the redirect_uri, so the opener can directly consume the data without relying only on the redirect flow.
Example (listening for it on the opener side):
window.addEventListener('message', (event) => {
if (event.origin !== 'https://product.frejun.com' || !event.data) return; // to make sure the message you are listening to is from the expected origin
let eventData = event.data;
if(eventData.eventName == "oauth-code") {
// Handle the oauth-code event
const { code, email, ...otherparams } = eventData.data;
}
});
In the above example:
code: The OAuth authorization code, which can be exchanged for access and refresh tokens.
email: The email address of the user who authorized the app via their Frejun account.
otherparams: Any additional parameters that were included in the original authorization URL.