A full-stack Next.js application that walks through the complete Grantex authorization lifecycle — agent registration, consent UI, token exchange, and audit logging.
Unlike the CLI examples, this demo runs a real web server so you can see the consent redirect flow visually.
What it demonstrates
- Registering an agent from a server-side API route
- Creating an authorization request with a redirect URI
- Redirecting to the Grantex consent UI
- Exchanging the authorization code for a grant token
- Logging an audit entry after token exchange
- Displaying grant details and audit trail in a callback page
Quick start
Open http://localhost:3000 and click Start Demo.
Flow overview
Project structure
Environment variables
Key design decisions
- Server-side SDK only — All Grantex SDK calls happen in API routes. The API key never reaches the browser.
- Cookie-based state —
agentId and a random state are stored in cookies before redirect, then verified on the callback to prevent CSRF.
- Fresh agent per demo — Each click registers a new agent. No database required.
- No UI libraries — Minimal CSS matching the grantex.dev branding.
Last modified on July 11, 2026