Step-by-Step
Like in the case of the flow for Server-side Web Applications described in Chapter 2, you’ll first need to register your application with the API provider (see Developer and Application Registration).
After registration is complete, it’s time to write some code! We’ll use simple HTML and JavaScript for this example.
Step 1: Let the user know what you’re doing and request authorization
This step is very similar to the Authorization Code flow. Since requesting data access requires redirecting your users to the authorization server, it’s a best practice to let them know in advance what will happen. You can do this by displaying a message, along with a link that directs the user to the OAuth authorization endpoint.
You can find the URL for the OAuth authorization endpoint in the API provider’s documentation. For Google Tasks (and all other Google APIs using OAuth 2.0), the authorization endpoint is at
https://accounts.google.com/o/oauth2/auth
You will need to specify a few query parameters with this link:
client_idThe value provided to you when you registered your application.
redirect_uriThe location the user should be returned to after they approve access for your app. For this example, the application will use
https://photoviewer.saasyapp.com/oauth_response.html.scopeThe data your application is requesting access to. This is specified as a list of space-delimited strings. Valid values for the
scopeshould be included in the API provider documentation. For Google Contacts, the ...
Get Getting Started with OAuth 2.0 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
