
Fix OAuth explanation in documentation

Open mkdir-washington-edu opened this issue 6 years ago • 0 comments

This is from feedback from Ghotit, found in ZD here: https://hypothesis.zendesk.com/agent/tickets/5816

https://h.readthedocs.io/en/latest/api/using-oauth/#implementing-oauth-flow

In paragraph 2:

After the user authorizes the application, it will receive an authorization code via a call to the redirect URI. The application must exchange this code for an access token by making a request to the POST /api/token endpoint as described in 4.1.3 Access Token Request.

POST /api/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

client_id=631206c8-7792-11e7-90b3-872e79925778&code=V1bjcvKDivRUc6Sg1jhEc8ckDwyLNG&grant_type=authorization_code

However, according to the RFC, if the first request (4.1.1 Authorization Request) contains a redirection URL, the second request MUST contain the same redirection URL.

To conclude: Add to the above example the redirection URL, namely: redirect_uri=https%3A%2F%2Fmyapp.com%2Fauthorize&

Finally, it should be: client_id=631206c8-7792-11e7-90b3-872e79925778&code=V1bjcvKDivRUc6Sg1jhEc8ckDwyLNG&redirect_uri=https%3A%2F%2Fmyapp.com%2Fauthorize&grant_type=authorization_code

mkdir-washington-edu avatar Aug 30 '19 17:08 mkdir-washington-edu
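
The RFC 6749 section 4.1.3 rule raised in this issue, as an added example that is not part of the original issue and not code from h: the client builds the corrected token request body, and a server-side check rejects a token request whose `redirect_uri` is missing or differs from the one bound to the authorization code. The function names and the `ISSUED_CODES` store are hypothetical, and a public client that sends `client_id` in the body is assumed.

```python
from urllib.parse import parse_qs, urlencode

# Constructed server-side record of the authorization request (4.1.1), keyed by
# the code it produced. Values are the ones used in the issue's example.
ISSUED_CODES = {
    "V1bjcvKDivRUc6Sg1jhEc8ckDwyLNG": {
        "client_id": "631206c8-7792-11e7-90b3-872e79925778",
        "redirect_uri": "https://myapp.com/authorize",  # None if 4.1.1 omitted it
    }
}


def build_token_request_body(client_id, code, redirect_uri=None):
    """Client side (hypothetical helper): form-encode the body for POST /api/token."""
    params = {"client_id": client_id, "code": code}
    if redirect_uri is not None:
        params["redirect_uri"] = redirect_uri
    params["grant_type"] = "authorization_code"
    return urlencode(params)


def check_token_request(body, issued=ISSUED_CODES):
    """Server side (hypothetical helper): return (ok, RFC 6749 section 5.2 error code)."""
    form = parse_qs(body, keep_blank_values=True)
    if any(len(values) != 1 for values in form.values()):
        return False, "invalid_request"  # a parameter was repeated
    params = {name: values[0] for name, values in form.items()}
    if not all(params.get(k) for k in ("grant_type", "code", "client_id")):
        return False, "invalid_request"
    if params["grant_type"] != "authorization_code":
        return False, "unsupported_grant_type"
    grant = issued.get(params["code"])
    if grant is None or grant["client_id"] != params["client_id"]:
        return False, "invalid_grant"
    bound = grant["redirect_uri"]
    if bound is not None:
        if "redirect_uri" not in params:
            return False, "invalid_request"  # required because 4.1.1 carried one
        if params["redirect_uri"] != bound:  # exact string match, no normalisation
            return False, "invalid_grant"
    return True, None
```

The comparison is a plain string equality on the decoded value, so a trailing slash or a different case in the host counts as a mismatch.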