API Reference

Step 2: Request user for authorization

This step of the authorization flow requests the user to install and authorize your app. If the user is not signed in, the user is redirected to the sign-in page. After signing in, the user is redirected to a page where the user needs to install and authorize your app. After the user installs and authorizes your app, it will be redirected back to redirect_uri with the authorization code value.

Prerequisites


User authorization

To obtain authorization for your app:

  1. Send the request authorization link to the user.
    For more information, see Create authorization request link.
  2. Request the user to open the request authorization link in their browser.
    Using our earlier example, the user opens the following link in their browser:
https://app.marq.com/oauth2/authorizeAccount?response_type=code&client_id=VZA23fds203t2o4KP6o30yQaXNfSsZ0X&scope=data-service.admin%20project.templates%20project.content%20account.user%20account.webhook%20offline_access&redirect_uri=https%3A%2F%2Fabc.com%2Fv1%2Fcallback

The Grant Access page appears in the user's browser.

  1. The user must click the Grant Access button.

  1. Marq redirects the user to the redirect_uri provided in your authorization request link.
    The redirect URI also contains the following response data:
    1. A temporary authorization code in the code parameter. The client app uses the authorization code to obtain an access token. The authorization code can only be used once and it expires 10 minutes after being issued. Note this code as you need it in the next step of the authorization flow.
    2. If you provided a value for the state parameter in the authorization request link, the same state string is returned in the state parameter.

Using our earlier example, the user is redirected to the following URI as a response:

https://localhost:3000/?code= eyJtaXJvLm9yaWdpbiI6ImV1MDEifQ_IIze1u&state=123xyz&client_id=VZA23fds203t2o4KP6o30yQaXNfSsZ0X

Test redirect URI

As a service, Marq provides a redirect URI that can be used to allow the user to copy the authorization code to the clipboard.

To use it, register the redirect URI:


https://users.app.marq.com/oauth2/clients/{client id}/redirect

When this redirect URI is used and a user grants access to the app, Lucid will redirect the user to a page on our site where they can view and copy the authorization code.