2. Redirect back to your site by MID

If the user accepts your request, MID redirects the user back to your site with a temporary code in a code parameter. The temporary code will expire after 10 minutes.

In addition, it also contains the state you provided in the previous step in the state parameter. If the states don't match, it means a third party created the request, and you should abort the process.

Exchange the code for an access token:

POST https://mid.maneslab.xyz/api/v1/oauth/token

Parameters:

Parameter name

Type

Description

client_id

string

Required. The client ID you received from MID for your OAuth App.

client_secret

string

Required. The client secret you received from MID for your OAuth App.

grant_type

string

Required. grant_type=authorization_code

code

string

Required. The code you received as a response to Step 1.

redirect_uri

string

Required. The URL in your application where users are sent after authorization.

sample code:

let data = {
    'client_id': client_id,
    'client_secret': client_secret,
    'grant_type': 'authorization_code',
    'code': code,
    'redirect_uri': redirect_uri,
};

let form_body = [];
for (let property in data) {
    let encoded_key = encodeURIComponent(property);
    let encoded_value = encodeURIComponent(data[property]);
    form_body.push(encoded_key + "=" + encoded_value);
}
form_body = form_body.join("&");

let options = {
    method: 'POST',
    headers: {
        "content-type": "application/x-www-form-urlencoded",
    },
    body: form_body
};

fetch(`https://mid.maneslab.xyz/api/v1/oauth/token`, options)
    .then(response => response.json())
    .then(response => {
        console.log(response)
    })
    .catch(err => console.error(err));

Example responses:

{
  "access_token":"xxxxxxxx",
  "token_type":"bearer"
}

Previous1. Request a user's MID identity Next3. Use the access token to access the API

Last updated 2 years ago