Creating redirect

The first step of OAuth is to add a button to your app that redirects the user to EdgeTag. Once the user clicks on the button, you should have a URL that looks like the one below.

For edgeTagUrl you should use the UI URL (see Implementation page for URLs).

Example of how to redirect to our sandbox

const edgeTagUrl = 'https://app-sandbox.edgetag.io/oauth/app/login'
const verifier = 'my secret text'

const url = new URL(edgeTagUrl)
url.searchParams.append('client_id', 'd0272c42-7ecc-4899-a1a7-0801a8a9da2f')
url.searchParams.append('redirect_uri', 'https://yourwebsite.com/login/check')
url.searchParams.append('scope', 'full')
url.searchParams.append('response_type', 'code')
url.searchParams.append('code_challenge', sha256Base64(verifier))
url.searchParams.append('code_challenge_method', 'S256')

window.location.href = url.toString()

Let's look at each search parameter that you can set.

client_id

This is the ID that you got when you created the OAuth app inside EdgeTag UI.

redirect_uri

URI where you would like to redirect after the user completes OAuth inside EdgeTag. If you want to pass some additional property, you can use state param and store it in there as a base64 encoded string

scope

Right now, we only support full , but will be adding more scopes later on.

response_type

This tells you what the exchange mechanism will be when we redirect back to your app. Right now, we support only code.

code_challenge

To enhance security, we added a code challenge option, which we then double-check when exchanging the code for the token. The code challenge should be SHA-256 hashed and encoded with base64. Make sure that you store verifier as you will need to pass it when you exchange code for the token.

const crypto = require('crypto')
const codeChallenge = crypto.createHash('sha256').update(verifier).digest().toString('base64url')

code_challenge_method

At this point, we only support S256 which is SHA-256 with base64 encoding.

state

The "state" parameter is optional and can be included if you want to send any data from the starting point of the OAuth process back to your application. For instance, if you need to remember the user's selection before they were redirected to OAuth, you can use this parameter for that purpose. It's important to note that the value of "state" should be base64 encoded.

PreviousImplementation NextGetting Access Token

Last updated 3 months ago

Was this helpful?

Good evening

hashtagclient_id

hashtagredirect_uri

hashtagscope

hashtagresponse_type

hashtagcode_challenge

hashtagcode_challenge_method

hashtagstate