When you can't store your client's credentials in a safe place, you'll need to use the implicit grant. This flow is mainly used by frontend-only environments, like websites or mobile applications.
- The user asks to log in inside your application
- Instead of building a login-form, you just redirect the user to our OAuth endpoint
- The user authenticates with their credentials
- If nothing goes wrong, the AniAPI server redirects the user to your app with their
- An AniAPI OAuth Client
- A website or a mobile application
- A temporary webserver to grab the token
Open a browser window (or just redirect if your application is a website) and make a request to
The oauth endpoint expects some parameters to identify the client calling it:
|Yes||Your client ID|
|Yes||Your client redirect URI|
|Yes||For implicit grant pass |
|No||A random string generated by your application|
redirect_uri values must match your client's one.
The state parameter (optional) is used to protect your application from cross-site request forgery (CSRF).
If provided, the AniAPI server will return it alongside the user's
Verify it against the value you provided before to validate the response.
https://api.aniapi.com/v1/oauth?response_type=token&client_id=<CLIENT_ID>&redirect_uri=<REDIRECT_URI>&state=<RANDOM_STRING>
Once the user has approved the authentication request and completed the login step, the AniAPI server will redirect them back to your application.
Let's assume you provided
redirect_uri value. This will be the redirection URL:
As you can see, inside the URL fragment there will be the user's access_token and the optional state value you provided initially.
The URL fragment differs from a query string because it is accessible from the frontend only: the browser does not send it to the server.
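The round trip described above, as an added example that is not part of the AniAPI documentation: it builds the authorization URL with a random state and, on return, accepts the access_token from the fragment only when the state matches. The function names, the client ID and the `http://localhost:3000/auth` redirect URI are assumptions made for illustration, and the example always sends state even though the page marks it optional.

```javascript
// Added example, not AniAPI code. Only the endpoint and the parameter names
// (response_type, client_id, redirect_uri, state, access_token) come from the page.
const AUTHORIZE_ENDPOINT = "https://api.aniapi.com/v1/oauth";

// Generate an unguessable state value: 16 random bytes, hex-encoded.
// Store it (for example in sessionStorage) before redirecting the user.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the URL the browser is sent to; URLSearchParams does the encoding.
function buildAuthorizeUrl(clientId, redirectUri, state) {
  const params = new URLSearchParams({
    response_type: "token",
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
  });
  return `${AUTHORIZE_ENDPOINT}?${params}`;
}

// Compare two strings without stopping at the first differing character.
function sameString(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Parse the URL the user was redirected back to. The token is returned only
// if the state in the fragment equals the one stored before the redirect;
// a missing state is treated as a mismatch.
function readImplicitRedirect(redirectUrl, expectedState) {
  const fragment = new URL(redirectUrl).hash.replace(/^#/, "");
  const params = new URLSearchParams(fragment);
  const token = params.get("access_token");
  if (!token) return { ok: false, reason: "missing access_token" };
  if (!sameString(params.get("state"), expectedState)) {
    return { ok: false, reason: "state mismatch" };
  }
  return { ok: true, accessToken: token };
}
```

In a browser, pass `window.location.href` as `redirectUrl`, then remove the fragment from the address bar (for example with `history.replaceState`) so the token does not linger in the visible URL.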