Set up to authorize users
When a user connects their Snyk account to your App, they must authorize access to their chosen Organization and approve the requested scopes. This is done by linking users to an authorization webpage and passing the appropriate parameters:
1
https://app.snyk.io/oauth2/authorize?response_type=code&client_id={clientId}&redirect_uri={redirectURI}&scope={scopes}&nonce={nonce}&state={state}&version={version}
Copied!
Note that this is a webpage link and not an API endpoint.
The current version can be found in our API documentation.
The scopes and the redirect_uri must match what was defined when the App was created.
The state value is used to carry any App specific state from this /authorize call to the callback on the redirect_uri (such as a user’s id). It must be verified in your callback to prevent CSRF attacks.
The nonce value is a highly randomized string stored alongside a timestamp on the app side before calling /authorize, then verified on the returned access token. You can read more about this here.
An example of what the user will see when they are redirected to this page
After the connection is complete, the user is redirected to the provided redirect URI with query string parameters code and state added on, which are necessary for the next step.
Last modified 1d ago
Export as PDF
Copy link
Edit on GitHub