OAuth2 Implicit Grant
“Implicit Grant” in the OAuth2 RFC
Send the user you want to authenticate to your registered redirect URI. An authorization page will ask the user to sign up or log into Pulsoid and allow the user to choose whether to authorize your application/identity system.
Create a <a href="">login</a>
:
Parameters explained:
Name | Type | Description |
---|---|---|
client_id | string | Your client ID. |
redirect_uri | string | Your registered redirect URI. This must exactly match the redirect URI registered in the prior. |
response_type | string | Should be always |
scope | string | Comma-separated list of scopes. |
state | string | Your unique token, generated by your application. This is an OAuth 2.0 opaque value, used to avoid CSRF attacks. This value is echoed back in the response. |
In our example, you request access to read heart rate data and send the user to http://localhost
If the user authorizes your application, the user is redirected to your redirect URL:
After redirecting the application developer can access access_token from the fragment of the page's URL. Validate authorization token.
Response mode
To give more flexibilities we in Pulsoid decided to extend the OAuth2 protocol.
Web page response mode
Web page response mode is suitable for mod developers. After authorizing access user will be redirected to the Pulsoid web page with the authorization token. The user can manually copy the authorization token, paste it into the config file, etc.
To enable this capability to add response_mode=web_page
query parameter from step 1)
Implicit Grant.
Example:
Last updated