# Authorization

> **After approval, the client is given a `client_id` and a `client_secret`.**

This is the first request in the OAuth flow: the client requests an authorization code by redirecting the user's browser to the following URL (replace the `client_id` shown with your own):

{% hint style="success" %}
[**`{OAUTH_URL}/v1/oauth/authorize?client_id=07d60911ce2a37239becf5d90811324a&response_type=code&redirect_uri={client_redirect_url}&scope={requested_scopes}&state={client_state}`**](https://accounts.xoxoday.com/v1/oauth/authorize?client_id=07d60911ce2a37239becf5d90811324a\&response_type=code\&redirect_uri=%7Bclient_redirect_url%7D\&scope=%7Brequested_scopes%7D\&state=%7Bclient_state%7D)
{% endhint %}

#### **`Parameters`**

| **`Parameter`**  | Description                                                                                                                                                                                                                                                                                                                               |
| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `client_id*`     | The `client_id` value you received upon registration.                                                                                                                                                                                                                                                                                     |
| `response_type*` | OAuth supports several `response_type` values, but the only value Xoxoday supports is `code`.                                                                                                                                                                                                                                             |
| `redirect_uri*`  | The URL's domain must match the redirect URL you shared in registration step 1.                                                                                                                                                                                                                                                           |
| `scope*`         | Must be one or more of the scope values listed below. Send multiple scopes separated by commas, for example `profile_read,points_read,feed_manage`. If the authorization request is for company session generation, the `user_session` scope is compulsory.                                                                                |
| `state`          | Optional per the OAuth protocol, but strongly recommended. The client generates this value; when the authorization request completes, the same value is passed back to the client in the redirect URL so that the client can verify the response belongs to a request it started. This is the OAuth protection against CSRF on the redirect URL, so use an unguessable value bound to the user's session and reject any callback whose `state` does not match. |

**`Scopes :`**

{% hint style="info" %}
**`Company Scopes`**&#x20;

**`user_session (Used only for the case of Company access_token generation)`**

**`company_session`**&#x20;
{% endhint %}

**`Oauth URL For:`**&#x20;

{% hint style="info" %}
Development - [https://stagingaccount.xoxoday.com/chef](https://staging.xoxoday.com/chef)

Production - <https://accounts.xoxoday.com/chef>
{% endhint %}

{% tabs %}
{% tab title="Success" %}

> `If all of the above parameters validate successfully and the user is already authenticated, the user is redirected to the following authorization consent page.`

<figure><img src="https://1597622271-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MOeXh7erUO5h_LVpN85%2Fuploads%2F8I3ZoOjBHGxpbuexrMEe%2FScreenshot%202022-09-05%20at%2010.58.00%20AM.png?alt=media&#x26;token=fcc74b5e-5668-41ae-8623-0ce41a949d2e" alt=""><figcaption></figcaption></figure>
{% endtab %}

{% tab title="Failure" %}
`If the user is not authenticated, the user is redirected to the following login/signup page.`

<figure><img src="https://1597622271-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MOeXh7erUO5h_LVpN85%2Fuploads%2FrunWpdtdUG9SifNw5pPS%2FScreenshot%202022-09-05%20at%2011.01.38%20AM.png?alt=media&#x26;token=42def3e4-7199-4096-8594-256cca21019c" alt=""><figcaption></figcaption></figure>
{% endtab %}
{% endtabs %}

{% hint style="success" %}
After authentication, the user will again be redirected to the authorization consent(allow/deny) page.
{% endhint %}

{% tabs %}
{% tab title="Allow" %}
**If the user allows the request, the browser is redirected to the following URL:**

> **{client\_redirect\_url}?code=exxxx69660xxxxa6413c17d897xxxxx99\&state={client\_state}**

{% endtab %}

{% tab title="Deny" %}
**If the user denies access, the browser is redirected to the following URL:**

> **{client\_redirect\_url}?error=access\_denied\&error\_description=The+user+denied+the+request\&state={client\_state}**

{% endtab %}
{% endtabs %}

{% hint style="success" %}
In the redirect URL above, `code` is a temporary authorization code issued because the user allowed access; it is valid for 5 minutes. The client then exchanges this code for an `access_token`, which is used to access Xoxoday resources according to the scopes the user allowed. Before exchanging the code, the client should confirm that the returned `state` matches the one it sent, and treat a mismatch or an `error=access_denied` response as a failed authorization.
{% endhint %}
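The two halves of the flow described on this page, building the authorization URL with a fresh `state` and handling the redirect back to `{client_redirect_url}`, as an added Python example. This is not Xoxoday's own code or SDK. It assumes the production base URL and the `/v1/oauth/authorize` path shown above, reuses the page's example `client_id` and authorization code as constructed sample input, and uses `https://client.example/oauth/callback` as a placeholder redirect URL. The rule that a request containing `company_session` must also carry `user_session` is this example's reading of the scope description in the parameter table.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Production base from the page; development uses the staging host listed above.
OAUTH_URL = "https://accounts.xoxoday.com"
AUTHORIZE_PATH = "/v1/oauth/authorize"


def new_state() -> str:
    """Unguessable per-request state. Store it in the user's session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id: str, redirect_uri: str, scopes: list[str],
                        state: str, oauth_url: str = OAUTH_URL) -> str:
    """Build the authorization URL described on this page.

    Raises ValueError for a company session request that omits user_session
    (this example's reading of the page: user_session is compulsory there).
    """
    if "company_session" in scopes and "user_session" not in scopes:
        raise ValueError("company session requests must include the user_session scope")
    params = {
        "client_id": client_id,
        "response_type": "code",        # the only response_type Xoxoday supports
        "redirect_uri": redirect_uri,   # domain must match the registered URL
        "scope": ",".join(scopes),      # comma-separated, as the page specifies
        "state": state,
    }
    return f"{oauth_url}{AUTHORIZE_PATH}?{urlencode(params)}"


def handle_callback(callback_url: str, expected_state: str) -> str:
    """Parse the redirect back to {client_redirect_url} and return the authorization code.

    The state check runs first, before error or code are looked at, so a response
    the client never asked for (CSRF on the redirect URL) is discarded whether or
    not it carries a plausible-looking code.
    """
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    if not state or not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: not a response to a request this client started")
    if "error" in query:
        # Deny path: {client_redirect_url}?error=access_denied&error_description=...
        description = query.get("error_description", [""])[0]
        raise PermissionError(f"{query['error'][0]}: {description}")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried neither code nor error")
    # The code is valid for 5 minutes; exchange it for an access_token promptly.
    return code


if __name__ == "__main__":
    state = new_state()
    print(build_authorize_url("07d60911ce2a37239becf5d90811324a",
                              "https://client.example/oauth/callback",
                              ["user_session", "company_session"], state))
    # Constructed callback reusing the example code value from the page.
    cb = f"https://client.example/oauth/callback?code=exxxx69660xxxxa6413c17d897xxxxx99&state={state}"
    print(handle_callback(cb, state))
```

`new_state()` must be called once per authorization attempt and the value kept server-side (for example in the user's session), so that `handle_callback()` compares against the state this client actually issued rather than whatever the browser presents.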

