Complete the code to start the authorization request by redirecting the user to the authorization endpoint.
GET /authorize?response_type=[1]&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=readThe response_type=code tells the authorization server to return an authorization code.
Complete the code to exchange the authorization code for an access token.
POST /token
Content-Type: application/x-www-form-urlencoded
grant_type=[1]&code=AUTH_CODE&redirect_uri=REDIRECT_URI&client_id=CLIENT_ID&client_secret=CLIENT_SECRETThe grant_type=authorization_code is used to exchange the code for tokens.
Fix the error in the redirect URI parameter to ensure it matches the registered URI exactly.
GET /authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=[1]&scope=readThe redirect URI must exactly match the registered URI without extra slashes, query parameters, or different schemes.
Fill both blanks to correctly include the state parameter and response type in the authorization request.
GET /authorize?response_type=[1]&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&state=[2]
The response_type should be 'code' and state is a random string to prevent CSRF attacks.
Fill all three blanks to correctly parse the authorization code from the redirect URI and prepare the token request.
redirect_uri = 'https://example.com/callback?code=[1]&state=xyz123' code = redirect_uri.split('[2]')[1].split('&')[0] payload = {'grant_type': '[3]', 'code': code, 'redirect_uri': 'https://example.com/callback', 'client_id': 'CLIENT_ID', 'client_secret': 'CLIENT_SECRET'}
The code is extracted by splitting on 'code=' and the grant_type is 'authorization_code' for the token request.