Pulsoid API Documentation
DashboardRequest CredentialsDiscord
  • Intro
  • Access Token Management
    • OAuth2 Implicit Grant
    • OAuth2 Authorization Code Grant
    • OAuth2 Client Credentials Grant Type(server token)
    • Manual Token Issuing
    • OAuth2 Refreshing the token
    • Revoke authorization token
    • Validate authorization token
    • List of supported scopes
  • Read Heart Rate
    • Read Latest Heart Rate via HTTP
    • Read Heart Rate via WebSocket
    • Page
    • Read Statistics
  • Widgets Management
    • Widget Entity
    • Create Widget
    • Read Widget
    • Update Widget
  • Read Profile Information
  • Error Code Format
  • VRChat
    • VRChat World Integration
Powered by GitBook
On this page
  1. Access Token Management

OAuth2 Implicit Grant

PreviousAccess Token ManagementNextOAuth2 Authorization Code Grant

Last updated 2 years ago

  1. Send the user you want to authenticate to your registered redirect URI. An authorization page will ask the user to sign up or log into Pulsoid and allow the user to choose whether to authorize your application/identity system.

Create a <a href="">login</a>:

GET https://pulsoid.net/oauth2/authorize
    ?client_id=<your client ID>
    &redirect_uri=<your registered redirect URI>
    &response_type=token
    &scope=<space-separated list of scopes>
    &state=<unique token, generated by your application>

Parameters explained:

Name
Type
Description

client_id

string

Your client ID.

redirect_uri

string

Your registered redirect URI. This must exactly match the redirect URI registered in the prior.

response_type

string

Should be always token

scope

string

Comma-separated list of scopes.

state

string

Your unique token, generated by your application. This is an OAuth 2.0 opaque value, used to avoid CSRF attacks. This value is echoed back in the response.

In our example, you request access to read heart rate data and send the user to http://localhost

GET 'https://pulsoid.net/oauth2/authorize?response_type=token&client_id=3d3fa070-8358-4984-ae32-94392185df63&redirect_uri=http://localhost&scope=data:heart_rate:read&state=a52beaeb-c491-4cd3-b915-16fed71e17a8'
  1. If the user authorizes your application, the user is redirected to your redirect URL:

https://<your registered redirect URI>/#token=token_type=bearer&access_token=<access token>&expires_in=90000&scope=data:heart_rate:read&state=<echoed back state your application path on authorization step> 

Response mode

To give more flexibilities we in Pulsoid decided to extend the OAuth2 protocol.

Web page response mode

Web page response mode is suitable for mod developers. After authorizing access user will be redirected to the Pulsoid web page with the authorization token. The user can manually copy the authorization token, paste it into the config file, etc.

Example:

GET https://pulsoid.net/oauth2/authorize
    ?client_id=<your client ID>
    &redirect_uri=<your registered redirect URI>
    &response_type=token
    &scope=<space-separated list of scopes>
    &state=<unique token, generated by your application>
    &response_mode=web_page

After redirecting the application developer can access access_token from the fragment of the page's URL.

To enable this capability to add response_mode=web_page query parameter from step 1)

response mode webpage sample

“Implicit Grant” in the OAuth2 RFC
Validate authorization token.
Implicit Grant.
How To Validate Authorization Token?