Implicit Grant Flow for Client-Side Apps¶
Step 1: Sign in and get credentials¶
To create an app project, Yahoo needs information about your application including:
- home page URL
- scopes (permissions for specific services)
- application domain
Step 4: Extract access token from redirect URL¶
Once the user authorizes access, the user is redirected back to the
you originally specified. A authorization code is appended to the
as a URL fragment (also known as a hash fragment), shown below
When sent as a URL fragment, the access token is only visible to client (browser) and not sent to a server.
You must implement client-side code that extracts the access token from the URL fragment from the browser.
This flow does not provide a refresh token, so you will need to repeat the steps above to get a new access token.