Arctic

Mercado Pago

OAuth 2.0 provider for Mercado Pago. This client requires PKCE to be enabled in your application settings.

Also see the OAuth 2.0 with PKCE guide.

Initialization

import * as arctic from "arctic";

const mercadopago = new arctic.MercadoPago(clientId, clientSecret, redirectURI);

Create authorization URL

import * as arctic from "arctic";

const state = arctic.generateState();
const url = mercadopago.createAuthorizationURL(state);

Validate authorization code

validateAuthorizationCode() will either return an OAuth2Tokens, or throw one of OAuth2RequestError, ArcticFetchError, UnexpectedResponseError, or UnexpectedErrorResponseBodyError. Mercado Pago returns an access token and its expiration by default.

import * as arctic from "arctic";

try {
	const tokens = await mercadopago.validateAuthorizationCode(code);
	const accessToken = tokens.accessToken();
	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
		const code = e.code;
		// ...
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
		const cause = e.cause;
		// ...
	}
	// Parse error
}

Refresh tokens

Add the offline_access scope to get a refresh token.

const tokens = await mercadopago.validateAuthorizationCode(code, codeVerifier);
const refreshToken = tokens.refreshToken();

Use refreshAccessToken() to get a new access token using a refresh token. Mercado Pago returns the same values as during the authorization code validation. This method also returns OAuth2Tokens and throws the same errors as validateAuthorizationCode()

import * as arctic from "arctic";

try {
	const tokens = await mercadopago.refreshAccessToken(refreshToken);
	const accessToken = tokens.accessToken();
	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
	}
	// Parse error
}