Grant Widget User Permissions

To Initiate an OAuth flow within Fluz

Ensure that your OAuth settings are all correct.

Direct your end user to https://fluz.app/authorize

with the following query parameters:

query paramdescription
response_typeTo make an OAuth permissions request, this will be the value code.
client_idThe OAuth client ID for your app from the OAuth settings.
redirect_urithe redirect_uri set in your app from the OAuth settings.
scopesa space delimited list of the scopes you wish the user to agree to. This list should be a subset of the scopes you selected for your OAuth settings. If you add a scope that you have not enabled for your app, it will be ignored.
statean optional field that can be used to persist some information on your client, as it will be included with a successful OAuth redirect.

The list of available scopes can be found here: Application Scopes

Here is a sample of the expected format:

https://fluz.app/authorize?response_type=code&client_id=dab5c80e-0321-4c3a-988a-ffedfd64d8db&redirect_uri=https://google.com/oauth/finalize&scopes=MAKE_DEPOSIT%20LIST_PAYMENT%20MAKE_WITHDRAW%20REVEAL_VIRTUALCARD

Example of the OAuth client UI:

Sample OAuth permissions page

Expected Response

If you have the URL built properly, and the URL matches the configuration, you can expect for the client to be redirected to your redirect_uri with the following query parameters:

query paramsdescription
codeThe authorization code tied to that user's OAuth scopes grant. This code is used to exchange for a first-class accessToken and refreshToken that contain the scopes that the user has agreed to. See Exchanging an OAuth token for more information.
statethe same value you passed in the initial request, unmodified.

If the URL has not been configured properly, the response from the URL will include an error message describing the error.