Let's look at how you can authenticate an application user with OAuth 2.0.
This procedure uses an Implicit Flow request. The client ID is necessary to link the user to an application definition where the redirect URL is specified.
- You have received a unique client ID and secret
- You have whitelisted your redirect URL with SuperOffice
- You have set up a web page at your redirect URL
- The application user has a valid username and password
Remember that the sub-domain is different for development, stage, and production. It is very likely that the client ID differs too.
To authenticate users:
Forward the user to the SuperOffice CRM Online sign-in page to authenticate.
Receive the authentication token when the sign-in page redirects the user back to your application.
Validate the authentication token.
No application is allowed to ask users for their credentials, ever! Next step: implement your application-specific logic.