# OAuth2 Implicit Grant [“Implicit Grant” in the OAuth2 RFC](https://datatracker.ietf.org/doc/html/rfc6749#section-4.2) 1. Send the user you want to authenticate to your registered redirect URI. An authorization page will ask the user to sign up or log into Pulsoid and allow the user to choose whether to authorize your application/identity system. Create a `login`: ```bash GET https://pulsoid.net/oauth2/authorize ?client_id= &redirect_uri= &response_type=token &scope= &state= ``` Parameters explained:

Name	Type	Description
client_id	string	Your client ID.
redirect_uri	string	Your registered redirect URI. This must exactly match the redirect URI registered in the prior.
response_type	string	Should be always `token`
scope	string	Comma-separated list of scopes.
state	string	Your unique token, generated by your application. This is an OAuth 2.0 opaque value, used to avoid CSRF attacks. This value is echoed back in the response.

In our example, you request access to read heart rate data and send the user to ```bash GET 'https://pulsoid.net/oauth2/authorize?response_type=token&client_id=3d3fa070-8358-4984-ae32-94392185df63&redirect_uri=http://localhost&scope=data:heart_rate:read&state=a52beaeb-c491-4cd3-b915-16fed71e17a8' ``` 2. If the user authorizes your application, the user is redirected to your redirect URL: ```bash https:///#token=token_type=bearer&access_token=&expires_in=90000&scope=data:heart_rate:read&state= ``` 3. After redirecting the application developer can access access\_token from the fragment of the page's URL. [Validate authorization token.](https://docs.pulsoid.net/access-token-management/validate-authorization-token) [How To Validate Authorization Token?](https://docs.pulsoid.net/access-token-management/validate-authorization-token)