February 2012
Beginner to intermediate
78 pages
2h 13m
English
Content preview from Getting Started with OAuth 2.0Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Step-by-Step
Like in the case of the flow for Server-side Web Applications described in Chapter 2, you’ll first need to register your application with the API provider (see Developer and Application Registration).
After registration is complete, it’s time to write some code! We’ll use simple HTML and JavaScript for this example.
Step 1: Let the user know what you’re doing and request authorization
This step is very similar to the Authorization Code flow. Since requesting data access requires redirecting your users to the authorization server, it’s a best practice to let them know in advance what will happen. You can do this by displaying a message, along with a link that directs the user to the OAuth authorization endpoint.
You can find the URL for the OAuth authorization endpoint in the API provider’s documentation. For Google Tasks (and all other Google APIs using OAuth 2.0), the authorization endpoint is at
https://accounts.google.com/o/oauth2/auth
You will need to specify a few query parameters with this link:
client_idThe value provided to you when you registered your application.
redirect_uriThe location the user should be returned to after they approve access for your app. For this example, the application will use
https://photoviewer.saasyapp.com/oauth_response.html.scopeThe data your application is requesting access to. This is specified as a list of space-delimited strings. Valid values for the
scopeshould be included in the API provider documentation. For Google Contacts, the ...