Skip to main content
A full-stack Next.js application that walks through the complete Grantex authorization lifecycle — agent registration, consent UI, token exchange, and audit logging. Unlike the CLI examples, this demo runs a real web server so you can see the consent redirect flow visually.

What it demonstrates

  • Registering an agent from a server-side API route
  • Creating an authorization request with a redirect URI
  • Redirecting to the Grantex consent UI
  • Exchanging the authorization code for a grant token
  • Logging an audit entry after token exchange
  • Displaying grant details and audit trail in a callback page

Quick start

Open http://localhost:3000 and click Start Demo.

Flow overview

Project structure

Environment variables

Key design decisions

  • Server-side SDK only — All Grantex SDK calls happen in API routes. The API key never reaches the browser.
  • Cookie-based stateagentId and a random state are stored in cookies before redirect, then verified on the callback to prevent CSRF.
  • Fresh agent per demo — Each click registers a new agent. No database required.
  • No UI libraries — Minimal CSS matching the grantex.dev branding.
Last modified on July 11, 2026