React

Authorization

To make requests to a vehicle, your end user must connect their vehicle using Smartcar Connect. Connect uses the OAuth 2.0 protocol to provide a secure and elegant authorization flow for your users.

1. Initialize the Smartcar object

Instantiate a Smartcar object in the constructor of the App component.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
// src/App.jsx

constructor(props) {
  ...
  // TODO: Authorization Step 1: Initialize the Smartcar object
  this.smartcar = new Smartcar({
    clientId: process.env.REACT_APP_CLIENT_ID,
    redirectUri: 'https://javascript-sdk.smartcar.com/redirect-2.0.0?app_origin=http://localhost:3000',
    scope: ['read_vehicle_info'],
    testMode: true,
    onComplete: this.onComplete,
  });
}

2. Launch Connect

A single-page application will launch a pop-up window with Connect to request access to a user's vehicle. On Connect, the user logs in with their vehicle credentials and grants the application access to their vehicle.

To launch Connect, we can use the openDialog function that our Smartcar object has access to. We can place this is an onClick handler of an HTML button.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
// src/App.jsx

authorize() {
  // TODO: Authorization Step 2a: Launch Connect
  this.smartcar.openDialog({forcePrompt: true});
}

render() {
  // TODO: Authorization Step 2b: Render the Connect component
  return <Connect onClick={this.authorize} />;
}

Connect is a simple component that renders an HTML button with the passed in onClick handler.

3. Receive the authorization code

Once a user has authorized the application to access their vehicle, the user is redirected to the redirect_uri with an authorization code as a query parameter and the pop-up dialog is closed. Using the JavaScript SDK, the front-end can receive this code in the onComplete callback passed into the Smartcar object.

The authorization code represents a user consenting your application access to their vehicle. It does not grant access to the vehicle itself.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
// src/App.jsx

onComplete(err, code, status) {
  // TODO: Authorization Step 3: Receive the authorization code
  console.log(code);
  // prints out the authorization code
}

Try it out

Let's try authenticating a vehicle in test mode.

In test mode, any login credentials for all brands are valid!

Restart your server, open up your browser and go to http://localhost:3000/login. Notice once you log in, Smartcar showcases all the permissions your application is asking for, in this case, read_vehicle_info. A user has to consent to all the permissions.

Once you have logged in and accepted the permissions, you should see your authorization code printed to your console.


In the next section, we will cover how to exchange the authorization code for an access_token and make your first request to Smartcar API with it!