How to: Perform an OAuth 2.0 Implicit Grant.

This OAuth 2.0 flow is typically used when the app is unable to store the client secret securely. If you are building a Single Page App or a mobile app using JavaScript and a framework like PhoneGap, this is the preferred way to authenticate and to call our APIs and your own from your app.

Initiating the flow

To sign in and obtain an access token for the user, initiate this flow by redirecting the user to the following URL:

Example request

GET /{tenant}/oauth2/v1/auth/?
    response_type=token
    &client_id=[YOUR_CLIENT_ID]
    &redirect_uri=https://[YOUR_APP_REDIRECT_URI]/
    &scope=[SCOPES]
    &state=[STATE]

Handling the response

After the user authenticates, we redirect the user's browser back to https://[YOUR_APP_REDIRECT_URI]/ with the token attached.

The access token and state are sent in the URL's fragment, so your JavaScript code on the callback page can read the fragment and parse out the access token and state. Normally you will use the state to remember where the user was before they were redirected to the sign-in page. The expires_in parameter holds the number of seconds the access token will remain valid.

Example response

https://[YOUR_APP_REDIRECT_URI]/#
    access_token=X5678IYHI690UJJJ000
    &token_type=bearer
    &expires_in=960
    &scope=[SCOPES]
    &state=[STATE]
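As an added example (not code from the original page), here is a callback-page function that parses the fragment shown above and only accepts the token when the returned state matches the value the app stored before redirecting; the function name, its parameters and the sample fragment are assumptions.

```javascript
// Parse the implicit-grant callback fragment and validate it before
// trusting the access token. `expectedState` is the state value the app
// saved (e.g. in sessionStorage) before redirecting to the auth endpoint.
function parseImplicitGrantFragment(fragment, expectedState, now = Date.now()) {
  // Strip the leading "#" and parse the key/value pairs
  const params = new URLSearchParams(fragment.replace(/^#/, ""));

  // The server may redirect back with an error instead of a token
  if (params.has("error")) {
    return { ok: false, reason: "error: " + params.get("error") };
  }

  // Reject the response if state is missing or differs from what we sent;
  // state ties this callback to a request this app actually initiated
  const state = params.get("state");
  if (!expectedState || state !== expectedState) {
    return { ok: false, reason: "state mismatch" };
  }

  const token = params.get("access_token");
  const tokenType = (params.get("token_type") || "").toLowerCase();
  if (!token || tokenType !== "bearer") {
    return { ok: false, reason: "missing or unsupported token" };
  }

  // expires_in is in seconds; turn it into an absolute expiry timestamp
  const expiresIn = Number.parseInt(params.get("expires_in"), 10);
  if (!Number.isFinite(expiresIn) || expiresIn <= 0) {
    return { ok: false, reason: "invalid expires_in" };
  }

  return {
    ok: true,
    accessToken: token,
    tokenType: tokenType,
    scope: params.get("scope") || "",
    expiresAt: now + expiresIn * 1000,
  };
}

// Constructed sample fragment mirroring the example response above
// (in the browser you would pass window.location.hash instead)
const SAMPLE_FRAGMENT =
  "#access_token=X5678IYHI690UJJJ000&token_type=bearer&expires_in=960" +
  "&scope=openid%20profile&state=abc123";
```

Clear the fragment from the address bar (for example with history.replaceState) once the token has been read, so it is not left in browser history.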

Related sections

GET {tenant}/oauth2/v1/auth
POST {tenant}/oauth2/v1/token
GET {tenant}/oauth2/v1/verify