Step 2: Request users to grant permissions
This step requires you to provide a way for Bigin users to open your client's authorization request link that is created in the above section. Next, the Bigin users must authenticate with the Bigin authorization server (Bigin account) to grant permissions to the client's request.
To allow a user to authorize your client, follow these steps:
- From your web application end, provide a way for the user to open your client authorization request link in a browser.
- When the authorization request link opens in a browser, the user must sign in to authenticate with the Bigin account (only if they are not already signed in).
- After the user's successful authentication, the following page appears:
Alternatively, the below window appears prior to the authorization consent page when the user is part of more than one organization in the Bigin account. The user must select an organization to which the client is able to connect and then click Submit.
The Bigin authorization server generates the authorization code for just the selected organization.
Note: If the user is a part of more than one organization in the Bigin account, your application can generate an authorization code only for a specific organization. In that case, the access token obtained from that authorization code will become specific to the organization.
- The user must validate the scopes and decide either to accept or reject the request. If they accept the request, the authorization server sends the browser back to the redirect URI, which is specified while registering the client and in the authorization code request.
A sample redirect URI response looks like the following:
Note: You can create a back-end script based on the context of your application for storing the details from the redirect URI response.
The redirect URI response contains the following components:
|redirect_uri||An Authorized Redirect URI to which the authorization server sends the response of the authorization request back after the user consent.||https://www.yourdomain.com/callback|
A short-lived authorization code returns along with redirection URI as a query parameter code. This code can be exchanged with the authorization server for generating access and refresh tokens.
Note: The generated authorization code is valid for 1 minute and can only be used once.
|location||The domain location of the user from which the client must make API requests.||location=us|
|accounts-server||The accounts URL is used for generating access and refresh tokens.||accounts-server=https://accounts.zoho.com/|
If the user rejects the request, the authorization server sends the browser back to the redirect URI with the parameter error=access_denied, and your application is denied access to the user's data in Bigin.