Public Quickstart
Purpose: Start PKCE and user-session flows from frontend or mobile code.
Use this when: You are writing browser or mobile code.
Do not use this when: You need Content, Search, or client_secret.
Backend required: Usually yes.
Allowed runtimes: Browser apps, mobile apps.
Required credentials: client_id.
Minimal import: @quranjs/api/public.
Minimal Example
import { createPublicClient } from "@quranjs/api/public";
const client = createPublicClient({
clientId: "your-client-id",
clientType: "confidential-proxy",
});
const authUrl = client.oauth2.v1.authorizeUrl({
client_id: "your-client-id",
redirect_uri: "http://localhost:3000/callback",
response_type: "code",
scope: "openid offline_access user bookmark collection",
state: "random-state",
});
If You Already Have a User Session
const client = createPublicClient({
clientId: "your-client-id",
clientType: "confidential-proxy",
userSession: {
accessToken: "user-access-token",
},
});
const collections = await client.auth.v1.collections.list();
With an existing user session and the post scope, the public client can use
the same QuranReflect post helper shape documented in
QuranReflect Posts.
Common Mistakes
- Putting
client_secretin frontend code. - Calling Content or Search from
public. - Calling
oauth2/tokendirectly for a confidential client.