OAuth - edpuzino/seattle-javascript-401n7 GitHub Wiki
Authorization
Create a "Log In" link sending the user to:
https://authorization-server.com/auth?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=photos&state=1234zyx
- response_type=code - Indicates that your server expects to receive an authorization code
- client_id - The client ID you received when you first created the application
- redirect_uri - Indicates the URI to return the user to after authorization is complete
- scope - One or more scope values indicating which parts of the user's account you wish to access
- state - A random, unguessable string generated by your application and kept for the user's session; when the user is sent back to your redirect URI you compare it against the state returned alongside the code and reject the response if they differ
Token Exchange
Your server exchanges the auth code for an access token:
POST https://api.authorization-server.com/token
grant_type=authorization_code&
code=AUTH_CODE_HERE&
redirect_uri=REDIRECT_URI&
client_id=CLIENT_ID&
client_secret=CLIENT_SECRET
- grant_type=authorization_code - The grant type for this flow is authorization_code
- code=AUTH_CODE_HERE - The code you received in the query string when the user was redirected back to your redirect URI
- redirect_uri=REDIRECT_URI - Must be identical to the redirect URI provided in the original link
- client_id=CLIENT_ID - The client ID you received when you first created the application
- client_secret=CLIENT_SECRET - Since this request is made from server-side code, the secret is included; it must never be shipped to the browser