Authoring OAuth App
The flow of OAuth authorization is as follows:
- Users are redirected to request their Guizhan Account authorization.
- Users are redirected back to your app.
- Your app accesses our API with user’s access token.
1. Request authorization
Section titled “1. Request authorization”GET https://account.guizhanss.com/oauth/authorizeThis endpoint takes following query parameters:
| Query parameter | Type | Required? | Description |
|---|---|---|---|
client_id | string | Required | The client ID you received after creating OAuth app. |
redirect_uri | string | Recommended | The redirect URI of your OAuth App. If left out, we will redirect users to the callback URL configured in the OAuth app settings. If provided, the domain of redirect URL must be in the list of allowed domains. |
scope | string | Context dependent | A comma-delimited list of scopes. See Scopes for more information. |
state | string | Recommended | An unguessable random string. It is used to protect against cross-site request forgery attacks. |
2. Users are redirected back
Section titled “2. Users are redirected back”If the user accepts your request, Guizhan Account redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step. The temporary code will expire after 10 minutes. If the states don’t match, then a third party created the request, and you should abort the process.
If authorization is aborted, the user is redirected back to your site with a code parameter and message parameter explaining the reason. Check API error codes for more information
Exchange access token with the given code:
POST https://account.guizhanss.com/oauth/tokenThis endpoint takes following parameters:
| Parameter | Type | Required? | Description |
|---|---|---|---|
client_id | string | Required | The client ID you received after creating OAuth app. |
client_secret | string | Required | The client secret you received after creating OAuth app. |
code | string | Required | The temporary code you received after authorization. |
redirect_uri | string | Recommended | The redirect URI of your OAuth App. If you provided redirect_uri in the authorization request, it must match the redirect URI you provide in this request. |
You will get a similar JSON response as follows:
{ "access_token": "ACCESS_TOKEN", "token_type": "Bearer", "expires_in": 3600, "refresh_token": "REFRESH_TOKEN", "scope": "user:email"}3. Use access token to access our API
Section titled “3. Use access token to access our API”The access token allows you to make requests to our API on behalf of the user.
Authorization: Bearer OAUTH-TOKENScopes
Section titled “Scopes”The scope parameter is context dependent.
If scope parameter is left out, The For example, if the user has already authorized your app with user:read scope, and you provide user:update scope, the final scope will be user:read,user:update.
If scope parameter is left out and the user has already authorized your app, the existing scopes will be used.
See Scopes for available scopes.