OAuth Setup

Step-by-step process for setting up OAuth (authorization code flow)

Step 1: User Authorization Request

First, direct the user to the authorization endpoint of the OAuth server. Construct the request as follows:

https://swaye.me/oauth2?response_type=code&client_id={CLIENT_ID}&redirect_uri={REDIRECT_URI}&scope={SCOPE}&state={STATE}

Replace {CLIENT_ID}, {REDIRECT_URI}, {SCOPE}, and {STATE} with your client ID, redirect URI, required scopes, and a unique state value to prevent CSRF attacks.

Step 2: User Authentication

The user will be prompted to log in (if not already logged in) and consent to the requested permissions. The OAuth server handles this process.

Step 3: Authorization Code Issuance

Upon successful authentication and consent, the OAuth server redirects the user back to your redirect_uri with an authorization code:

GET {REDIRECT_URI}?code={AUTHORIZATION_CODE}&state={STATE}

Check that the state matches the one you sent in Step 1 to confirm the request's authenticity.

Step 4: Exchange Authorization Code for an Access Token

Make a POST request from your server (not the client) to the OAuth server's token endpoint to exchange the authorization code for an access token:

POST https://swaye.me/api/oauth2/accessToken
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code={AUTHORIZATION_CODE}&redirect_uri={REDIRECT_URI}&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}

Step 5: Handle the Response

The OAuth server will respond with a JSON payload containing the access_token, refresh_token (optional), and other token details:

{
    "access_token": "{ACCESS_TOKEN}",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "{REFRESH_TOKEN}",
    "scope": "{SCOPE}"
}
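The five steps above, carried through as an added Python example (not code from the original page or from the swaye.me project): it builds the Step 1 URL, rejects a callback whose state does not match, builds the server-side token request body, and validates the Step 5 payload, flagging any requested scope the server did not grant. The client ID, secret, redirect URI and the sample token response are constructed placeholders; only the two endpoint URLs come from the page.

```python
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoints from the page; client_id, secret and redirect URI are caller-supplied placeholders.
AUTHORIZE_URL = "https://swaye.me/oauth2"
TOKEN_URL = "https://swaye.me/api/oauth2/accessToken"

def new_state() -> str:
    """Unguessable per-request state; store it in the user's session before redirecting."""
    return secrets.token_urlsafe(32)

def build_authorization_url(client_id: str, redirect_uri: str, scope: str, state: str) -> str:
    """Step 1: the URL the user is sent to, with every parameter URL-encoded."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return f"{AUTHORIZE_URL}?{urlencode(params)}"

def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 3: return the authorization code; reject the callback if the state does not match."""
    query = parse_qs(urlparse(callback_url).query)
    state, code = query.get("state", [""])[0], query.get("code", [""])[0]
    if not state or not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF, discard this callback")
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def build_token_request(code: str, client_id: str, client_secret: str, redirect_uri: str) -> str:
    """Step 4: form-encoded body for the server-side POST to TOKEN_URL (never sent from the browser)."""
    return urlencode({"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri,
                      "client_id": client_id, "client_secret": client_secret})

def parse_token_response(body: str, requested_scope: str) -> dict:
    """Step 5: validate the JSON payload and report any requested scope the server did not grant."""
    payload = json.loads(body)
    if "access_token" not in payload or payload.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token response")
    granted = set(payload.get("scope", "").split())
    return {"access_token": payload["access_token"], "expires_in": int(payload.get("expires_in", 0)),
            "refresh_token": payload.get("refresh_token"),
            "missing_scope": sorted(set(requested_scope.split()) - granted)}

# Constructed sample in the shape shown in Step 5 (not captured from the real server).
SAMPLE_TOKEN_RESPONSE = json.dumps({"access_token": "at-example", "token_type": "Bearer",
                                    "expires_in": 3600, "refresh_token": "rt-example", "scope": "profile"})
```

Keep the state value in the server-side session rather than in a cookie the callback page can read, and treat a non-empty `missing_scope` as a reason to re-prompt rather than silently proceeding with fewer permissions.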
