Step 2: Request user for authorization

This step of the authorization flow asks the user to install and authorize your app. If the user is not signed in, they are redirected to the sign-in page. After signing in, the user is redirected to a page where they install and authorize your app. After the user installs and authorizes your app, the user is redirected back to redirect_uri with the authorization code value.

Prerequisites

User Authorization

To obtain authorization for your app:

  1. Send the request authorization link to the user.
    For more information, see Create authorization request link.
  2. Ask the user to open the request authorization link in their browser.
    Using our earlier example, the user opens the following link in their browser:
https://miro.com/oauth/authorize?response_type=code&client_id=3074457363680401096&redirect_uri=https://localhost:3000/&state=123xyz&team_id=3074457362577833142

The Install & authorize page appears in the user's browser.

  3. The user must click the Install & authorize button.
302
  4. Miro redirects the user to the redirect_uri provided in your authorization request link.
    The redirect URI also contains the following response data:

    • A temporary authorization code in the code parameter. The client app uses the authorization code to obtain an access token. The authorization code can only be used once and it expires 10 minutes after being issued. Note this code as you need it in the next step of the authorization flow.

    • If you provided a value for the state parameter in the authorization request link, the same state string is returned in the state parameter.

Using our earlier example, the user is redirected to the following URI as a response:

https://localhost:3000/?code=eyJtaXJvLm9yaWdpbiI6ImV1MDEifQ_IIze1u&state=123xyz&client_id=3074457363680401096&team_id=3074457362577833142

Where:

| Response parameter | Description | Sample value |
|---|---|---|
| redirect_uri | URI of the page that loaded after the user provided the authorization. | https://localhost:3000 |
| code | Temporary authorization code that can be exchanged for an access token. The authorization code can only be used once and it expires 10 minutes after being issued. The client app uses the authorization code to obtain an access token. Note this code as you need it in the next step of the authorization flow. | eyJtaXJvLm9yaWdpbiI6ImV1MDEifQ_IIze1u |
| state | The same state value that was provided in the authorization request URL. | 123xyz |
| client_id | The Client ID of the app that is requesting user authorization. | 3074457363680401096 |
| team_id | Team ID for the team where the app is being installed. As the app is authorized on a per-user basis, you must obtain authorization from each user. | 3074457362577833142 |
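
Before your app uses the returned code, it should confirm that the redirect belongs to the authorization request it started. The following Python sketch is an added example, not Miro's code: `validate_callback`, `new_state` and `CallbackError` are hypothetical names, and it assumes your app kept the state value it sent (for instance in the user's session) and treats team_id as optional.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit


class CallbackError(ValueError):
    """The redirect back to redirect_uri failed validation."""


def new_state() -> str:
    # Unguessable per-request value to send as `state` (123xyz is only the page's sample).
    return secrets.token_urlsafe(32)


def validate_callback(callback_url, expected_state, client_id, redirect_uri):
    """Return {'code', 'team_id'} taken from the redirect, or raise CallbackError."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path or "/") != (want.scheme, want.netloc, want.path or "/"):
        raise CallbackError("callback did not arrive on the registered redirect_uri")

    params = parse_qs(got.query, keep_blank_values=True)

    def single(name):
        # Reject missing, empty or repeated parameters instead of silently picking one.
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            raise CallbackError(f"expected exactly one non-empty {name!r} parameter")
        return values[0]

    # Check state first: a mismatch means this redirect does not belong to the
    # request this session started, so the code must not be exchanged.
    if not hmac.compare_digest(single("state").encode(), expected_state.encode()):
        raise CallbackError("state does not match the value sent in the request link")
    if single("client_id") != client_id:
        raise CallbackError("client_id is not this app's Client ID")
    team_id = single("team_id") if "team_id" in params else None
    # The code is single-use and short-lived: exchange it promptly and keep it out of logs.
    return {"code": single("code"), "team_id": team_id}


# Constructed sample input: the example redirect URI shown on this page.
SAMPLE = ("https://localhost:3000/?code=eyJtaXJvLm9yaWdpbiI6ImV1MDEifQ_IIze1u"
          "&state=123xyz&client_id=3074457363680401096&team_id=3074457362577833142")

if __name__ == "__main__":
    print(validate_callback(SAMPLE, "123xyz", "3074457363680401096", "https://localhost:3000/"))
```
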