The availability of features may depend on your plan type. Contact your Customer Success Manager if you have any questions.
Dev GuideAPI ReferenceUser Guide
Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide
GitHubDev CommunityOptimizely AcademySubmit a ticket

Redirection

This topic describes the information that will be included in an HTTP GET request that Optimizely Web Experimentation sends if a user accepts or rejects authorization.

If the user accepts (or rejects) authorization, Optimizely Web Experimentation sends an HTTP GET request to the redirect URI provided during authorization with the values described below.

If you are using the implicit grant flow, this information is provided in the URL fragment. The example following URLs show redirects to http://myapplication.com in cases where the user either accepts or rejects authorization.

If you are using the authorization code flow, this information is provided in the redirection query parameters. The following example URLs show redirects to http://myapplication.com in cases where the user either accepts or rejects authorization.

Definitions

  • access_tokenImplicit grants only. If you are using the implicit grant flow, this key contains a valid access token you can use to access the REST API on behalf of the authorizing user. Go to Authentication for instructions on using an access token to access the REST API.
  • codeAuthorization code grants only. If you are using the authorization code flow, this parameter contains an authorization code you can use to exchange for an access token and refresh token. The authorization code expires in ten minutes and can only be used once. Go to Authorization Code for instructions on obtaining an access token.
  • token_typeImplicit grants only. The only supported type is bearer.
  • state – The state you provided in the authorization request. You should verify that this value matches the state you provided earlier.
  • expires_inImplicit grants only. The TTL for this token in seconds. All access tokens expire in two hours (7200).

Example URLs

// Successful authorization (implicit grant)
http://myapplication.com/
  #access_token=abcdefghijklmnopqrstuvwxyz
  &token_type=bearer
  &state=somesecurestate
  &expires_in=7200

// Unsuccessful authorization (implicit grant)
http://myapplication.com/
  #error=access_denied
  &state=somesecurestate

// Successful authorization (authorization code grant)
https://myapplication.com/
  ?code=asdbawejksd
  &state=somesecurestate

// Unsuccessful authorization (authorization code grant)
https://myapplication.com/
  ?error=access_denied
  &state=somesecurestate

Updated 7 days ago