Skip to main content
For the conceptual overview, see Authentication. This page documents the exact GraphQL contracts on the OAuth service at https://oauth-service.fluzapp.com.

generateUserAccessToken

Mint an access token from an application’s clientId / clientSecret (own account) or from an OAuth authorization code (customer account).

Own-account request

Customer-account request (OAuth code exchange)

Pass the code returned from the authorize redirect along with the same client credentials. Fluz returns a customer-scoped accessToken for that user.

Response

OAuth authorize redirect

Redirect customers to Fluz’s OAuth authorize URL to start a platform flow. On success, Fluz redirects to redirect_uri?code=...&state=.... On denial, redirect_uri?error=access_denied&state=.... Exchange the code via generateUserAccessToken.

Scopes

See the scope table in Authentication. Unknown scopes cause the mutation to fail.