Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideProduct feedbackGitHubNuGetDev CommunityDoc feedbackLog In

Redirection

This topic describes the information that will be included in an HTTP GET request that Optimizely Web Experimentation sends if a user accepts or rejects authorization.

If the user accepts (or rejects) authorization, Optimizely Web Experimentation sends an HTTP GET request to the redirect URI provided during authorization with the values described below.

If you're using the implicit grant flow, this information will be provided in the URL fragment. The example URLs below show redirects to http://myapplication.com in cases where the user either accepts or rejects authorization.

If you're using the authorization code flow, this information will be provided in the redirection query parameters. The example URLs below show redirects to http://myapplication.com in cases where the user either accepts or rejects authorization.

Definitions

  • access_tokenImplicit grants only. If you're using the implicit grant flow, this key will contain a valid access token you can use to access the REST API on behalf of the authorizing user. Jump to Authentication for instructions on using an access token to access the REST API.
  • codeAuthorization code grants only. If you're using the authorization code flow, this parameter contains an authorization code you can use to exchange for an access token and refresh token. The authorization code will expire in ten minutes and can only be used once. Jump to Authorization Code for instructions on obtaining an access token.
  • token_typeImplicit grants only. As of March 2015, the only supported type is bearer.
  • state – The state you provided in the authorization request. You should verify that this value matches the state you provided earlier.
  • expires_inImplicit grants only. The TTL for this token in seconds. As of March 2015, all access tokens will expire in two hours (7200).

Example URLs

// Successful authorization (implicit grant)
http://myapplication.com/
  #access_token=abcdefghijklmnopqrstuvwxyz
  &token_type=bearer
  &state=somesecurestate
  &expires_in=7200

// Unsuccessful authorization (implicit grant)
http://myapplication.com/
  #error=access_denied
  &state=somesecurestate

// Successful authorization (authorization code grant)
https://myapplication.com/
  ?code=asdbawejksd
  &state=somesecurestate

// Unsuccessful authorization (authorization code grant)
https://myapplication.com/
  ?error=access_denied
  &state=somesecurestate