If using PhoneGap you will need to launch the InAppBrowser plugin in order to present a web browser to the user for authentication. Once the user has authenticated you can grab the code from the final URI and then close the browser and return to you application.

Get an Authorization Code

function openLoginWindow() {
    // Uses the inAppBrowser phoneGap plugin to open the Actionstep login window inside the app
    var redirectUri = 'http://YOUR_URI.com';
    var clientId = 'INSERT YOUR CLIENT ID HERE';
    var apiCodeUrl = encodeURI('https://fe-api.actionsteplabs.com/api/oauth/authorize?client_id=' + clientId + '&redirect_uri=' + redirectUri + '&response_type=code&scope=actions');
    var loginWindow = window.open(apiCodeUrl, '_blank', 'location=yes');  // inAppBrowser will open the window 
    
    loginWindow.addEventListener('loadstart', function(event) {  
        var codeStartPos = -1;	
        var authCode = '';
        var accessToken = '';
        var apiTokenUri = 'https://fe-api.actionsteplabs.com/api/oauth/token';
        var resultObj = {};
        var tokenExpiresAt = new Date();
        
        // Let Actionstep run through the pages until we hit the redirect page
        if (event.url.indexOf(redirectUri) == 0) {
            // Get the "code" parameter from the url of the redirect page
            if ((codeStartPos = event.url.indexOf("code=")) > 0) {
                codeStartPos += 5; // Get past the 'code=' string
                authCode = event.url.substr(codeStartPos);
                loginWindow.close();	
                
                jQuery.ajax({
                    type: "POST",
                    url: apiTokenUri,
                    data: {code: authCode, client_id: clientId, grant_type: 'authorization_code', redirect_uri: redirectUri}
                })
                .done(function(status) {
                    resultObj = jQuery.parseJSON(status);
                    // Save the API session data
                    localStorage.api_access_token = resultObj.access_token;
                    localStorage.api_refresh_token = resultObj.refresh_token;
                    tokenExpiresAt.setSeconds(tokenExpiresAt.getSeconds() + resultObj.expires_in);  // Add the expiry time to now
                    localStorage.api_token_expires_at = tokenExpiresAt.toString();
                    localStorage.api_token_type = resultObj.token_type;
                    localStorage.api_api_endpoint = resultObj.api_endpoint;
                })
                .fail(function(error) {
                    alert(JSON.stringify(error));
                });
            }
            else {  // Could not find the code paramater
                loginWindow.close();	
                alert("Failed to get an auth code from Actionstep. Please try again.");
            }
        }
    });
}

Refresh Token

function refreshToken() {
    var redirectUri = 'http://YOUR_URI.com';
    var clientId = 'YOUR CLIENT ID';
    var apiTokenUri = 'https://fe-api.actionsteplabs.com/api/oauth/token';
    var resultObj = {};
    var tokenExpiresAt = new Date();
    
    if (localStorage.api_refresh_token == false) {
        window.location.href = "#page_login";
        return;
    }
    jQuery.ajax({
        type: "POST",
        url: apiTokenUri,
        data: {refresh_token: localStorage.api_refresh_token, client_id: clientId, grant_type: 'refresh_token', redirect_uri: redirectUri}
    })
    .done(function(status) {
        resultObj = jQuery.parseJSON(status);
        // Save the API session data
        localStorage.api_access_token = resultObj.access_token;
        localStorage.api_refresh_token = resultObj.refresh_token;
        tokenExpiresAt.setSeconds(tokenExpiresAt.getSeconds() + resultObj.expires_in);  // Add the expiry time to now
        localStorage.api_token_expires_at = tokenExpiresAt.toString();
        localStorage.api_token_type = resultObj.token_type;
        localStorage.api_api_endpoint = resultObj.api_endpoint;
    })
    .fail(function(error) {
        alert(JSON.stringify(error));
    });
}

Get Some Data

jQuery(document).on("pageshow", "#page_actions", function() {
    jQuery.ajax({
        type: "GET",
        url: 'https://fe-api.actionsteplabs.com/api/rest/actions',
        headers: {'Content-Type': 'application/vnd.api+json', 'Accept': 'application/vnd.api+json', 'Authorization': 'Bearer ' + localStorage.api_access_token}
    })
    .done(function(result) {
        resultObj = jQuery.parseJSON(result);
        alert(resultObj);
    })
    .fail(function(errmsg) {
        alert(JSON.stringify(errmsg));
    });
});

Browser not supported