Implicit Grant Type

<!DOCTYPE html>

<html lang="en">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<title>BYU Implicit Grant Type Example</title>
	<link rel="stylesheet" href="">
	<link rel="stylesheet" href="">
	<script src="" async></script>
	<script src="" async></script>
	<script src="" axync></script>
	<script src="/implicit.js" async></script>
	<p id="un-authenticated-msg" style="display:none;">
	  You are currently not logged in, please click the button below to log in!
	  <button type="button" onclick="authorize()">Log in</button>

	<p id="authenticated-msg" style="display:none;">
	  Your access token is: 
	<p id="make-call-msg" style="display:none;">
	  Please try making an api call by clicking the button below!

	<div id="response" style="height:400px;">
	  <pre><code id="response-code" class="language-json"></code></pre>
	<button type="button" onclick="testCall()" id="api-call" disabled>Make API Call</button>

// Settings for the script, you MUST fill these out for the example to work
var settings = {
	client_id: "YOUR_CLIENT_KEY_HERE",
	callback_url: "YOUR_CALLBACK_URL_HERE"

// Fix an issue with Prism cdn (this is for looks only, feel free to ignore this)
Prism.languages.json = {
	'property': /"(?:\\.|[^|"])*"(?=\s*:)/ig,
	'string': /"(?!:)(?:\\.|[^|"])*"(?!:)/g,
	'number': /\b-?(0x[\dA-Fa-f]+|\d*\.?\d+([Ee][+-]?\d+)?)\b/g,
	'punctuation': /[{}[\]);,]/g,
	'operator': /:/g,
	'boolean': /\b(true|false)\b/gi,
	'null': /\bnull\b/gi

Prism.languages.jsonp = Prism.languages.json;

var token;

window.onload = function() {
	// Try to get the token from the URL
	token = getToken();
	// If the token has been given so change the display
	if (token) {
		document.getElementById('api-call').disabled = false;
		document.getElementById('authenticated-msg').innerHTML += token;
		document.getElementById('authenticated-msg').style.display = "block";
		document.getElementById('make-call-msg').style.display = "block";
	} else { // Else we haven't been authorized yet
		document.getElementById('un-authenticated-msg').style.display = "block";

// Parses the URL parameters and returns an object
function parseParms(str) {
	var pieces = str.split("&"), data = {}, i, parts;
	// process each query pair
	for (i = 0; i < pieces.length; i++) {
		parts = pieces[i].split("=");
		if (parts.length < 2) {
		data[decodeURIComponent(parts[0])] = decodeURIComponent(parts[1]);
	return data;

// Returns the token from the URL hash
function getToken() {
	//substring(1) to remove the '#'
	hash = parseParms(document.location.hash.substring(1));
	return hash.access_token;

// Send the user to the authorize endpoint for login and authorization
function authorize() {
	window.location = "" + settings.client_id + "&redirect_uri=" + settings.callback_url;

// Make a call using our token to the Echo API
function testCall() {
		url: " There!",
		method: "GET",
		headers: {
			"Authorization" : "Bearer " + token
		success: function(response) {
			$("#response-code").html(JSON.stringify(response, null, 2));


For more information about how to run this example, click here.