Send the user you want to authenticate to your registered redirect URI. An authorization page will ask the user to sign up or log into Pulsoid and allow the user to choose whether to authorize your application/identity system.
In our example, you request access to read heart rate data and send the user to http://localhost:
GET 'https://pulsoid.net/oauth2/authorize?response_type=code&client_id=3d3fa070-8358-4984-ae32-94392185df63&redirect_uri=http://localhost&scope=data:heart_rate:read&state=a52beaeb-c491-4cd3-b915-16fed71e17a8'
If the user authorizes your application, the user is redirected to your redirect URL:
https://<your registered redirect URI>/?code=<authorization code>&state=<echoed back state your application path on authorization step>
The OAuth 2.0 authorization code is a randomly generated string. It is used in the next step, a request made to the token endpoint in exchange for an access token. In our example, your user gets redirected to:
Your registered redirect URI. This must exactly match the redirect URI registered in the prior.
response_type
string
Should be always code
scope
string
Comma-separated list of scopes.
state
string
Your unique token, generated by your application. This is an OAuth 2.0 opaque value, used to avoid CSRF attacks. This value is echoed back in the response.