Implicit Grant Type
Attention: The implicit grant is intended for apps without servers. If your app has a server, it’s recommended to use the authorization code grant type.
1. Getting Access Token
request url: https://account.xiaomi.com/oauth2/authorize
request method: GET
request params:
| name | required | type | description |
|---|---|---|---|
| client_id | yes | long | APP ID allocated when applying for the app |
| redirect_uri | yes | string | redirect URL for the request; it should be the same as the one registered for the allocated APP ID (other data may be different) |
| response_type | yes | string | the response type; use response_type=token |
| scope | optional | string | the scope permissions being requested; multiple scopes may be requested (separated by a space); see scope permission list |
| state | optional | string | correlates the request with its callback; it is returned to the third party after the request is successful. It is used for preventing CSRF attacks and is strongly recommended for use by third parties |
| skip_confirm | optional | boolean | a signed-in user will see a page for switching accounts; if the app does not require this, you can add skip_confirm=true. The Yellow Pages app should set this to true |
response data:
- SUCCESS
Once the permission request is successful, the server redirects the user’s browser to a URL that carries access_token, token_type, expires_in, mac_algorithm, mac_key, state, etc.:
http://example.com/example#access_token=TOKEN&token_type=mac&expires_in=7776000&mac_algorithm=HmacSHA1&mac_key=MACKEY&scope=SCOPE
response data detail:
| name | required | type | description |
|---|---|---|---|
| access_token | yes | string | required access token |
| expires_in | yes | string | validity period of access token in seconds, see Token Life Cycle |
| scope | yes | string | scope of access token, see scope permissions list |
| mac_key | yes | string | MAC key required for HTTP interactions with the Open API; its validity period is the same as that of the access token |
| mac_algorithm | yes | string | algorithm used for digital signatures in HTTP interactions with the Open API; currently supports HmacSha1 |
| state | optional | string | If the data is passed during the request, the same data will be returned |
- FAILED
Once the permission request is unsuccessful, the server redirects the user’s browser to a URL that carries error, error_description, state, etc.:
http://example.com/example?error=ERROR&error_description=ERROR_DESCRIPTION&state=STATE
| name | required | type | description |
|---|---|---|---|
| error | yes | int | error code, see OAuth error code list |
| error_description | yes | string | simple error description |
| state | optional | string | if the data is passed during the request, the same data will be returned |
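
The request and both redirect forms described above, as a client-side sketch. This is an added example, not Xiaomi's own code: the function names are hypothetical and the client_id and scope values used with it are constructed. It builds the authorize URL with a random state, then accepts a callback only if the returned state matches.

```javascript
// Added example. newState, buildAuthorizeUrl and readCallback are hypothetical names.
const AUTHORIZE_URL = "https://account.xiaomi.com/oauth2/authorize";

// Unguessable per-request state (Web Crypto: browsers and recent Node.js).
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the GET request from the request params table (pass a large clientId as a string).
function buildAuthorizeUrl({ clientId, redirectUri, scope, state, skipConfirm }) {
  const url = new URL(AUTHORIZE_URL);
  url.searchParams.set("client_id", String(clientId));
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("response_type", "token");
  if (scope) url.searchParams.set("scope", scope); // space-separated list
  if (state) url.searchParams.set("state", state);
  if (skipConfirm) url.searchParams.set("skip_confirm", "true");
  return url.toString();
}

// Parse the URL the browser was redirected to. Success data arrives in the
// fragment (#...), failure data in the query string (?...).
function readCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  const query = url.searchParams;
  const frag = new URLSearchParams(url.hash.replace(/^#/, ""));
  const params = query.has("error") ? query : frag;
  // Reject any callback that does not echo the state we sent (CSRF check).
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, error: "state_mismatch" };
  }
  if (query.has("error")) {
    return { ok: false, error: query.get("error"), description: query.get("error_description") };
  }
  const required = ["access_token", "expires_in", "scope", "mac_key", "mac_algorithm"];
  for (const name of required) {
    if (!frag.get(name)) return { ok: false, error: "missing_" + name };
  }
  return {
    ok: true,
    accessToken: frag.get("access_token"),
    expiresIn: Number(frag.get("expires_in")), // seconds
    scope: frag.get("scope").split(" "),
    macKey: frag.get("mac_key"),
    macAlgorithm: frag.get("mac_algorithm"),
  };
}
```

In a browser, keep the value from newState() in sessionStorage before redirecting and pass window.location.href to readCallback on return. Clear the fragment afterwards so access_token and mac_key do not stay in the address bar or history.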