...

Info

Note that this step happens in the browser, initiated by your application’s user. That means code and state are visible in the address bar.

Your application should have a backend controller that retrieves code and state from the <your_app_redirect_url> endpoint. That way, your backend can use code and state to get the access_token.

2. Get Access Token

ENDPOINT Url: POST /api/v1/oauth/token

Note

This step should NOT be done in the browser. Why? You have to pass your client_secret to get the access_token.

Under no circumstances should you expose your client_secret to your users.

Query Parameters

| Name | Type | Description |
| --- | --- | --- |
| client_id | string | Required. The client ID you received from Citesphere for your App. |
| client_secret | string | Required. The client secret you received from Citesphere for your App. |
| code | string | Required. The code you received as a response in the previous step. |
| redirect_uri | string | The URL of the application you configured in Citesphere. |
| state | string | The unguessable random string you provided (and received back) during the previous step. |
| grant_type | string | Required. Use authorization_code for retrieving an access_token. |

For a list of values, check https://auth0.com/docs/applications/application-grant-types
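
The backend side of this step, as an added example that is not part of the Citesphere documentation: the callback handler checks the returned state against the value stored in the user's session before it builds the server-side token request. The host name citesphere.example.org, the callback URL, the environment variable name and all sample values are assumptions.

```python
import hmac
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Assumption: placeholder host; only the path comes from the page.
CITESPHERE_BASE = "https://citesphere.example.org"
TOKEN_PATH = "/api/v1/oauth/token"


class CallbackError(Exception):
    """Raised when the redirect back to the app cannot be trusted."""


def parse_callback(callback_url, expected_state):
    """Return (code, state) after checking state against the session value."""
    params = parse_qs(urlsplit(callback_url).query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    same = hmac.compare_digest(state.encode(), (expected_state or "").encode())
    if not expected_state or not same:
        raise CallbackError("state mismatch: not a response to this session")
    if not code:
        raise CallbackError("no authorization code in callback")
    return code, state


def build_token_request(code, state, client_id, client_secret, redirect_uri):
    """Build the POST that the backend sends; the secret never reaches the browser."""
    query = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
        "state": state,
        "grant_type": "authorization_code",
    })
    return Request(f"{CITESPHERE_BASE}{TOKEN_PATH}?{query}", method="POST")


if __name__ == "__main__":
    # Constructed sample values; a real secret comes from server-side config.
    session_state = secrets.token_urlsafe(32)
    cb = f"https://myapp.example.com/callback?code=SAMPLE_CODE&state={session_state}"
    code, state = parse_callback(cb, session_state)
    secret = os.environ.get("CITESPHERE_CLIENT_SECRET", "SAMPLE_SECRET")
    req = build_token_request(code, state, "SAMPLE_ID", secret, "https://myapp.example.com/callback")
    print(req.get_method(), urlsplit(req.full_url).path)  # path only, never the query
```

Because the parameters travel in the query string, the full request URL contains client_secret, so keep it out of application logs and error messages.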

...