This step of the authorization flow requests the user to install and authorize your app. If the user is not signed in, the user is redirected to the sign-in page. After signing in, the user is redirected to a page where the user needs to install and authorize your app. After the user installs and authorizes your app, it will be redirected back to redirect_uri with the authorization code value.
Prerequisites
User Authorization
To obtain authorization for your app:
- Send the request authorization link to the user.
For more information, see Create authorization request link. - Request the user to open the request authorization link in their browser.
Using our earlier example, the user opens the following link in their browser:
https://miro.com/oauth/authorize?response_type=code&client_id=3074457363680401096&redirect_uri=https://localhost:3000/&state=123xyz&team_id=3074457362577833142
The Install & authorize page appears in the user's browser.
- The user must click the Install & authorize button.
-
Miro redirects the user to the
redirect_uriprovided in your authorization request link.
The redirect URI also contains the following response data:-
A temporary authorization code in the
codeparameter. The client app uses the authorization code to obtain an access token. The authorization code can only be used once and it expires 10 minutes after being issued. Note this code as you need it in the next step of the authorization flow. -
If you provided a value for the
stateparameter in the authorization request link, the same state string is returned in thestateparameter.
-
Using our earlier example, the user is redirected to the following URI as a response:
https://localhost:3000/?code= eyJtaXJvLm9yaWdpbiI6ImV1MDEifQ_IIze1u&state=123xyz&client_id=3074457363680401096&team_id=3074457362577833142
Where:
| Response parameter | Description | Sample value |
|---|---|---|
redirect_uri | URI of the page that loaded after the user provided the authorization. | https://localhost:3000 |
code | Temporary authorization code that can be exchanged with an access token. The authorization code can only be used once and it expires 10 minutes after being issued. The client app uses the authorization code to obtain an access token. Note this code as you need it in the next step of the authorization flow. | eyJtaXJvLm9yaWdpbiI6ImV1MDEifQ_IIze1u |
state | The same state value that was provided in the authorization request URL. | 123xyz |
client_id | The Client ID of the app that is requesting for user authorization. | 3074457363680401096 |
team_id | Team ID for the team where the app is being installed. As the app is authorized on a per-user basis, you must obtain authorization from each user. | 3074457362577833142 |