Guide to OAuth2 /account/authorize Endpoint
The /account/authorize endpoint in OAuth2 is used to initiate the authorization process, allowing users to grant third-party applications access to their resources securely.
How /account/authorize works
- The client (your app) redirects the user to the /account/authorize/ endpoint with specific query parameters.
- The user logs in (if not already) and consents to the requested access.
- The authorization server redirects the user back to the client with an access token.
Example /account/authorize URL
https://lzt.market/account/authorize?client_id=5ggftt92ww&response_type=token&scope=read%20post
https://lolz.live/account/authorize?client_id=5ggftt92ww&response_type=token&scope=read%20post
Query Parameters
Parameter | Description |
---|---|
response_type | Determines the type of response expected. Currently the only supported value is token. |
client_id | The unique identifier for your application. |
redirect_uri | The URL where the user will be redirected after authorization. |
scope | A space-separated list of requested permissions (basic, read, post, conversate, market). |
state | A random string to prevent CSRF attacks and track the client session. |
Server Responses
Successful Authorization
If the user approves, they are redirected to the redirect_uri with a token:
https://example.url/callback#client_id=client_id&user_id=0&expire_date=0&scope=post+read&issue_date=0&hidden_token=0&token_id=0&access_token=jwt_token&state=
Parameter | Description |
---|---|
client_id | The unique identifier for your application |
user_id | User id. |
expire_date | Token expiration date. (Currently 1 year after the token was issued.) |
scope | Permissions granted by the user. |
issue_date | Date and time the token was issued. |
hidden_token | A token not exposed directly to the client. |
token_id | Unique id for the token. |
access_token | User token. |
state | The same value sent in the request, used to validate the response |
Error Response
If the user denies access or an error occurs:
https://example.url/callback?error=invalid_request&error_description=Invalid+or+missing+response+type&state=
Error name | Description |
---|---|
invalid_request | Malformed request. |