Step 2: Handle Authorization Response

Assuming the user approves the request, an authorization code is generated and sent back to your application via the query string of the ENCODED_REDIRECT_URL. If the authorization request included state, the exact same value will be returned in the authorization response.

Which follows this format (line breaks added for clarity):

GET https://example.org/?
    code=<CODE>&
    state=<STATE>

For example (line breaks added for clarity):

GET https://example.org/?
    code=1fe21db7d29e61a9dd90da9eef675ea8&
    state=dzRBV1RxdWg5S0JWUTBhMGpEUy9NT3lGS2xjbkRsMHBDeEJDTXdPS1JpRzhlS3FFRmorOHo2SUoxZmlYb0o4dE8wRGM3Nnhwd0xNbWRIUWUvSmptM2c9PS0tSk4yM1Y2ckR1WmZCUGxjc3JBWDBhdz09--e6f508aa05569a93aaa02414c20ab808e8fbda49

Warning! If the state does not exactly match the state that you are expecting, do not continue.

PreviousStep 1: Generate Authorization URL NextStep 3: Request an Access Token

Last updated 3 years ago