Client Library
Color Theme Compliance (Beta)
UI Functions

t.authorize(url, opts)

Sometimes, such as to complete an oauth flow, you need to show a page in its own new window. For authentication, this is usually because oauth pages (for security reasons) cannot be displayed inside of iframes.


When calling t.authorize you must provide the URL to kick-off the authorization flow and, optionally, include an object containing a set of options. Below are valid values for the option object.

Height of the window to be opened in pixels.
Width of the window to be opened in pixels.
A function that returns a boolean value to indicate whether the token being returned is valid or not. If the function returns true, the Promise started by t.authorize will be resolved. If the function returns false, the Promise will not be resolved.
This callback gets called with the handle to the authorization window. This can be useful if you can't call window.close() in your new window (such as the case when your authorization page is rendered inside an iframe).

t.authorize can help you complete these flows. The first argument should be the URL that will be opened in a new window, and the options allow you to specify the size of the window, as well as a validation function if you want to check the token that comes back.

Here is an example of completing Trello's oauth flow using t.authorize:

The name and author parameters are only required if the app key you’re using is not tied to a Power-Up. You can verify this by visiting the app key page and viewing your personal key. If you are using your personal key in your Power-Up, that is considered a legacy app key, and you will need to pass these two parameters to the t.authorize method. Otherwise, Trello has no way of knowing it is tied to your Power-Up.

If your app key is NOT tied to your Power-Up, the provided name and author parameters will be shown to the member when they try to authorize your app. Otherwise, the Power-Up name and author (configured when the Power-Up was created) will be shown.

const t = window.TrelloPowerUp.iframe();

// When constructing the URL, remember that you'll need to encode your
// You can do that with the encodeURIComponent(string) function
// encodeURIComponent('Hello World') -> "Hello%20World"
const oauthUrl =
  "" +
  "&name=[APPNAME]&author=[APPAUTHOR]&scope=read&key=[APIKEY]&callback_method=fragment" +

const authBtn = document.getElementById("authorize");
authBtn.addEventListener("click", function () {
  t.authorize(oauthUrl, authorizeOpts)
    .then(function (token) {
      return t
        .set("organization", "private", "token", token)
        .catch(t.NotHandled, function () {
          // fall back to storing at board level
          return t.set("board", "private", "token", token);
    .then(function () {
      // now that the token is stored, we can close this popup
      // you might alternatively choose to open a new popup
      return t.closePopup();

t.authorize will return a Promise that you can wait to resolve or reject. The Promise will resolve when either the window.authorize(token) function is called, or an item is stored in localStorage on the same domain under the key 'token'.

The authorize handler opens a new window. Once the auth flow is complete in that window, you should land on a page you control (generally your return_url). That page needs to contain a small amount of javascript to send the resulting token back to the Power-Up.

Here is an example of how that would be achieved for the Trello OAuth flow from above:

let authorize;

try {
  if (window.opener && typeof window.opener.authorize === "function") {
    authorize = window.opener.authorize;
} catch (e) {
  // Security settings are preventing this, fall back to local storage.

if (authorize) {
} else {
  localStorage.setItem("token", token);

setTimeout(function () {
}, 1000);

Checkout our this Power-Up example Glitch project to see a practical example of how to use t.authorize.

Rate this page: