Implicit Grant
If your application can't store its client credentials in a safe area, you'll need to use the implicit grant. This flow is mainly used by frontend-only environments, like websites or mobile applications.
How it works
- The user asks to log in inside your application
- Instead of building a login form, you just redirect the user to our OAuth endpoint
- The user authenticates with their credentials
- If nothing goes wrong, the AniAPI server redirects the user to your app with their access_token
Requirements
- An AniAPI OAuth Client
- A website or a mobile application
- A temporary webserver to grab the token
Redirect the user
Open a browser window (or just redirect if your application is a website) and make a request to https://api.aniapi.com/v1/oauth.
The oauth endpoint expects some parameters to identify the client calling it:
Name | Required | Description |
---|---|---|
client_id | Yes | Your client ID |
redirect_uri | Yes | Your client redirect URI |
response_type | Yes | For implicit grant pass token |
state | No | A random string generated by your application |
info
The client_id and redirect_uri values must match your client's values.
The state parameter (optional) is used to protect your application from cross-site request forgery (CSRF). If provided, the AniAPI server will return it alongside the user's access_token. Verify it against the value you originally sent to validate the response.
https://api.aniapi.com/v1/oauth?response_type=token&client_id=<CLIENT_ID>&redirect_uri=<REDIRECT_URI>&state=<RANDOM_STRING>
Retrieve the token
Once the user has approved the authentication request and completed the login step, the AniAPI server will redirect them back to your application.
Let's assume you provided http://localhost:3000/auth as the redirect_uri value. This will be the redirection URL:
http://localhost:3000/auth/#access_token=<TOKEN>&state=<RANDOM_STRING>
As you can see, the URL fragment contains the user's access_token and the optional state value you provided initially.
caution
The URL fragment differs from a query string because it is accessible from the frontend only.
You need to extract it by using JavaScript inside the webpage.
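The redirect and token retrieval steps above, as an added example that is not part of the AniAPI documentation: it generates a random state, builds the authorization URL, and accepts the access_token from the fragment only when the returned state matches. Function names, the storage key and the sample values are hypothetical, and the example assumes your application always sends state.

```javascript
// Added example, not AniAPI code. The endpoint and parameter names come from
// the page above; function names and sample values are hypothetical.
const AUTH_ENDPOINT = 'https://api.aniapi.com/v1/oauth';
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // Node < 19

// 128 bits from a CSPRNG, hex-encoded. Math.random() is predictable, so unsuitable.
function newState() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// URLSearchParams percent-encodes redirect_uri and the other values.
function buildAuthUrl(clientId, redirectUri, state) {
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: 'token',
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
  }).toString();
  return url.toString();
}

// Parse the fragment of the redirect URL. The token is returned only if the
// state in the fragment equals the value stored before the redirect; a missing
// or different state means the response was not triggered by this session.
function readTokenFromRedirect(redirectUrl, expectedState) {
  const fragment = new URL(redirectUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment);
  const token = params.get('access_token');
  if (!token) throw new Error('no access_token in fragment');
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch: discard the response');
  }
  return token;
}

// Browser wiring (sketch; 'oauth_state' is a hypothetical storage key):
//   const state = newState();
//   sessionStorage.setItem('oauth_state', state);
//   location.assign(buildAuthUrl('<CLIENT_ID>', '<REDIRECT_URI>', state));
// On the redirect page:
//   const token = readTokenFromRedirect(location.href,
//                                       sessionStorage.getItem('oauth_state'));
//   sessionStorage.removeItem('oauth_state');           // state is single-use
//   history.replaceState(null, '', location.pathname);  // drop token from the URL bar
```

Clearing the fragment after reading it keeps the token out of the visible URL and the page's history entry.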