Web Application Flow

The web application flow to authorize users for your app is:

  1. Users are redirected to request their GitHub identity
  2. Users are redirected back to your site by GitHub

    If the user accepts your request, GitHub redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. The temporary code will expire after 10 minutes. If the states don’t match, then a third party created the request, and you should abort the process.

    Exchange this code for an access token:

  3. Your app accesses the API with the user’s access token

The access token allows you to make requests to the API on behalf of a user.

Authorization: token OAUTH-TOKEN

For example, in curl you can set the Authorization header like this:

curl -H "Authorization: token OAUTH-TOKEN"
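
The state check from step 2, as an added example (not GitHub's code and not part of the original page). The dict-like `session`, the function names, the `app.example` callback URL and the reuse of the 10-minute lifetime for the state value are assumptions.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlsplit

STATE_TTL_SECONDS = 600  # assumption: reuse the page's 10-minute code lifetime for state


def new_state(session, now=None):
    """Create an unguessable state value and remember it in the user's session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = (state, time.time() if now is None else now)
    return state


def check_callback(session, callback_url, now=None):
    """Return the temporary code if the callback's state matches; raise otherwise."""
    now = time.time() if now is None else now
    params = parse_qs(urlsplit(callback_url).query)
    # pop() makes the stored state single-use, so a replayed callback fails.
    expected, issued_at = session.pop("oauth_state", (None, 0))
    received = params.get("state", [])
    codes = params.get("code", [])
    if expected is None:
        raise PermissionError("no authorization request pending for this session")
    if len(received) != 1 or len(codes) != 1:
        raise PermissionError("callback must carry exactly one code and one state")
    if now - issued_at > STATE_TTL_SECONDS:
        raise PermissionError("state expired")
    # Constant-time comparison avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected.encode(), received[0].encode()):
        raise PermissionError("state mismatch: request was not started by this session")
    return codes[0]


if __name__ == "__main__":
    session = {}  # constructed stand-in for a server-side session store
    state = new_state(session)
    # Constructed callback URL; the code value is a placeholder.
    url = f"https://app.example/callback?code=SAMPLE-CODE&state={state}"
    print("code accepted:", check_callback(session, url))
    try:
        check_callback(session, url)  # same callback replayed
    except PermissionError as exc:
        print("replay rejected:", exc)
```

Only a code returned by `check_callback` should go on to the token exchange; any `PermissionError` means the process is aborted as the page describes.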
