Grant Widget User Permissions
To Initiate an OAuth flow within Fluz
Ensure that your OAuth settings are all correct.
Direct your end user to https://fluz.app/authorize
with the following query parameters:
| query param | description |
|---|---|
| response_type | To make an OAuth permissions request, this will be the value code. |
| client_id | The OAuth client ID for your app from the OAuth settings. |
| redirect_uri | the redirect_uri set in your app from the OAuth settings. |
| scopes | a space delimited list of the scopes you wish the user to agree to. This list should be a subset of the scopes you selected for your OAuth settings. If you add a scope that you have not enabled for your app, it will be ignored. |
| state | an optional field that can be used to persist some information on your client, as it will be included with a successful OAuth redirect. |
The list of available scopes can be found here: Application Scopes
Here is a sample of the expected format:
https://fluz.app/authorize?response_type=code&client_id=dab5c80e-0321-4c3a-988a-ffedfd64d8db&redirect_uri=https://google.com/oauth/finalize&scopes=MAKE_DEPOSIT%20LIST_PAYMENT%20MAKE_WITHDRAW%20REVEAL_VIRTUALCARDExample of the OAuth client UI:
Expected Response
If you have the URL built properly, and the URL matches the configuration, you can expect for the client to be redirected to your redirect_uri with the following query parameters:
| query params | description |
|---|---|
| code | The authorization code tied to that user's OAuth scopes grant. This code is used to exchange for a first-class accessToken and refreshToken that contain the scopes that the user has agreed to. See Exchanging an OAuth token for more information. |
| state | the same value you passed in the initial request, unmodified. |
If the URL has not been configured properly, the response from the URL will include an error message describing the error.
Updated 1 day ago