Step 2: Handle Authorization Response
Assuming the user approves the request, an authorization code is generated and sent back to your application via the query string of the ENCODED_REDIRECT_URL. If the authorization request included state, the exact same value will be returned in the authorization response.
Which follows this format (line breaks added for clarity):
GET https://example.org/?
code=<CODE>&
state=<STATE>
For example (line breaks added for clarity):
GET https://example.org/?
code=1fe21db7d29e61a9dd90da9eef675ea8&
state=dzRBV1RxdWg5S0JWUTBhMGpEUy9NT3lGS2xjbkRsMHBDeEJDTXdPS1JpRzhlS3FFRmorOHo2SUoxZmlYb0o4dE8wRGM3Nnhwd0xNbWRIUWUvSmptM2c9PS0tSk4yM1Y2ckR1WmZCUGxjc3JBWDBhdz09--e6f508aa05569a93aaa02414c20ab808e8fbda49
Warning! If the state
does not exactly match the state that you are expecting, do not continue.
Last updated
Was this helpful?