Capture the Code

Redirect parameters

Parameters
code:	The short lived `code` from the `authorization` grant
scope:	A comma-separated string of permissions the user has agreed to allow.
state:	The `state` parameter specified in the original request

Handling the redirect

After user has granted access for the application, he should be redirected back to the specified redirect uri (valid to the application) with an OAuth2 code, scope, and state appended as get parameters.

URL

https://your-website.com/oauth?code=[code]&scope=[allowed permissions]&state=[original state parameter]

Tip

If a user has declined the application -or- has declined required permissions for your application, you should inform the user with a warning to prompt them to try again with the minimum permissions your application needs to avoid confusion.

Security

Danger

It is the client's responsibility to verify the state parameter received in the webhook is the same as the one sent in the original Authorize dialog request to prevent CSRF attacks.