Skip to content

Update OAuth documentation to clarify when parameters should be used #1796

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ThisIsMissEm wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update OAuth documentation to clarify when parameters should be used #1796

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions content/en/methods/oauth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,22 +113,22 @@ Obtain an access token, to be used during API calls that are not public.
##### Form data parameters

grant_type
: {{<required>}} String. Set equal to `authorization_code` if `code` is provided in order to gain user-level access. Otherwise, set equal to `client_credentials` to obtain app-level access only.

code
: {{<required>}} String. A user authorization code, obtained from the redirect after an [Authorization request](#authorize) is approved. May alternatively be displayed to the user if `urn:ietf:wg:oauth:2.0:oob` is used as the `redirect_uri`.
: {{<required>}} String. Use `authorization_code` to gain user-level access, otherwise, use `client_credentials` to obtain app-level access only.

client_id
: {{<required>}} String. The client ID, obtained during app registration.

client_secret
: {{<required>}} String. The client secret, obtained during app registration.

code
: {{<required>}} String. When `grant_type` is set to `authorization_code`, a user authorization code, obtained after an [Authorization request](#authorize) is approved.

redirect_uri
: {{<required>}} String. Must match the `redirect_uri` used during the [Authorization request](#authorize).
: {{<required>}} String. When `grant_type` is set to `authorization_code`, the URI that was used during the [Authorization request](#authorize), must match using [simple string comparison](https://www.rfc-editor.org/rfc/rfc3986.html#section-6.2.1).

code_verifier
: String. Required if [PKCE]({{< relref "spec/oauth#pkce" >}}) is used during the authorization request. This is the code verifier which was used to create the `code_challenge` using the `code_challenge_method` for the authorization request.
: String. Required if [PKCE]({{< relref "spec/oauth#pkce" >}}) was used during the [Authorization request](#authorize). This is the code verifier which was used to create the `code_challenge` using the `code_challenge_method` for the authorization request. Not applicable when `grant_type` is set to `client_credentials`.

scope
: String. When `grant_type` is set to `client_credentials`, the list of requested OAuth scopes, separated by spaces (or pluses, if using query parameters). Must be a subset of the scopes requested at the time the application was created. If omitted, it defaults to `read`. Has no effect when `grant_type` is `authorization_code`.
Expand Down