Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Authorization Code Flow

This is the preferred Authentication Flow. When using this flow, the client will work with the user's web browser to guide them through authenticating with this service.

The full process is detailed in the Authentication and Authorization section of the book. It entails directing the user's browser to /authorize, waiting for a response at a pre-registered Redirect URI for an authorization code, and finally requesting an Authorization Code Grant from /token to obtain an access token.

This authentication flow should be used if possible. It MUST be used if:

  • the client code is distributed to end-users; a Single-Page Web Application, a Mobile Application, or a Native Application
  • the client cannot keep its secret confidential
  • the client serves a broad user-base; i.e., every iRacing user is a potential user of the client