OAuth Authorization

Authorizes your app to access Warhorn on behalf of a user.

Warhorn responds to an authorization request by presenting a consent page to the user, prompting them to allow your app to access their Warhorn account. If the user is not already logged in, they will be required to log in before consenting.

After the user indicates approval by clicking the “Allow” button on the consent page, Warhorn redirects the browser back to your app using the callback URL provided in the authorization request, including an authorization code which must be provided in the next step of the authorization flow, the token request.

Request parameters

client_id

REQUIRED if Basic authentication is not used. The application’s client ID as listed in your Warhorn account settings.

client_secret

REQUIRED for confidential applications only if Basic authentication is not used. The application’s client secret as listed in your Warhorn account settings.

redirect_uri

REQUIRED. Your application’s callback URL as configured in your Warhorn account settings.

response_type

REQUIRED. MUST be code, indicating that you want the response to include an authorization code.

scope

An optional, space-separated list of authorization scopes requested for the application.

state

REQUIRED. A token generated by the app. Will be echoed back in the response for the application’s validation. See Authorization Code Grant on oauth.com for more information about how the state token can be used by the app.

Redirect URL parameters

After authorization completes, Warhorn redirects your app to the redirect_uri specified in the request (note that this parameter must match the callback URL configured when registering the app) and embeds the following parameters:

code

An authorization code to be exchanged for a user access token.

state

The state parameter specified in the request.

Example

GET /oauth/authorize
  ?response_type=code
  &redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foauth
  &scope=openid%20email%20profile
  &state=b3383ec07c5372aa9d22
  HTTP/1.1
Host: warhorn.net
Authorization: Basic czZCaGRSa3F0Mzo3RmpmcDBaQnIxS3REUmJuZlZkbUl3


302 Found
Location: https://example.com/oauth/callback?code=muCvSdwVv4UiSWM2QHn3W64J&state=b3383ec07c5372aa9d22

Configuration

Authorization endpoint

https://warhorn.net/oauth/authorize