Redirection
This topic describes the information that will be included in an HTTP GET request that Optimizely Web Experimentation sends if a user accepts or rejects authorization.
If the user accepts (or rejects) authorization, Optimizely Web Experimentation sends an HTTP GET request to the redirect URI provided during authorization with the values described below.
If you're using the implicit grant flow, this information will be provided in the URL fragment. The example URLs below show redirects to http://myapplication.com
in cases where the user either accepts or rejects authorization.
If you're using the authorization code flow, this information will be provided in the redirection query parameters. The example URLs below show redirects to http://myapplication.com
in cases where the user either accepts or rejects authorization.
Definitions
- access_token – Implicit grants only. If you're using the implicit grant flow, this key will contain a valid access token you can use to access the REST API on behalf of the authorizing user. Jump to Authentication for instructions on using an access token to access the REST API.
- code – Authorization code grants only. If you're using the authorization code flow, this parameter contains an authorization code you can use to exchange for an access token and refresh token. The authorization code will expire in ten minutes and can only be used once. Jump to Authorization Code for instructions on obtaining an access token.
- token_type – Implicit grants only. As of March 2015, the only supported type is
bearer
. - state – The state you provided in the authorization request. You should verify that this value matches the state you provided earlier.
- expires_in – Implicit grants only. The TTL for this token in seconds. As of March 2015, all access tokens will expire in two hours (
7200
).
Example URLs
// Successful authorization (implicit grant)
http://myapplication.com/
#access_token=abcdefghijklmnopqrstuvwxyz
&token_type=bearer
&state=somesecurestate
&expires_in=7200
// Unsuccessful authorization (implicit grant)
http://myapplication.com/
#error=access_denied
&state=somesecurestate
// Successful authorization (authorization code grant)
https://myapplication.com/
?code=asdbawejksd
&state=somesecurestate
// Unsuccessful authorization (authorization code grant)
https://myapplication.com/
?error=access_denied
&state=somesecurestate
Updated almost 2 years ago