Authorization
The first request in the OAuth process when the client requests for authorization code
Last updated
The first request in the OAuth process when the client requests for authorization code
Last updated
After approval Client will be given with client_id and client_secret.
This is the first request in the OAuth process when the client requests for authorization code by redirecting to the following URL:
Parameters
Parameters
Description
client_id*
This is the client_id value that you received upon registration.
response_type*
Although Oauth supports different response_type values. The only value supported by Xoxoday is code
redirect_uri*
The URL domain must match to url which you have shared in the registration STEP 1.
scope*
The scope values must be the values mentioned as below. If there are multiple scopes send them separated by commas. For eg. profile_read,points_read,feed_manage. If the authorization request is for company session generation then user_session scope is compulsory.
state
As per Oauth protocol, this value is optional. This value is generated by the client. When the authorization request is completed the same value is passed to the client in the redirected URL so that client can verify the request.
Scopes :
Company Scopes
user_session (Used only for the case of Company access_token generation)
company_session
Oauth URL For:
Development - https://stagingaccount.xoxoday.com/chef
Production - https://accounts.xoxoday.com/chef
If all the above parameters are validated successfully and user is already authenticated, then the user is redirected to following authorization consent page.
After authentication, the user will again be redirected to the authorization consent(allow/deny) page.
If the user allowed the request then the browser will be redirected to the following URL:
{client_redirect_url}?code=exxxx69660xxxxa6413c17d897xxxxx99&state={client_state}
In the above-redirected URL, code is a temporary token created on account of client allowed access which is valid for 5 min duration. Later this code is exchanged for access_token which is used for accessing xoxoday resources granted based on the scopes allowed by the user.