Set up to authorize users
When users connect their Snyk account to your App, they must authorize access to their chosen Organization or Group and approve the requested scopes. This process starts when you direct users to the Snyk Apps authorization web page and pass the appropriate parameters: https://app.snyk.io/oauth2/authorize?response_type=code&client_id={clientId}&redirect_uri={redirectURI}&scope={scopes}&nonce={nonce}&state={state}&version={version}
The current version can be found in the Snyk OAuth2 API documentation.
The scopes
and the redirect_uri
must match what was defined when the App was created.
The state
value is used to carry any App-specific state from this /authorize
call to the callback on the redirect_uri
(such as a user’s id). It must be verified in your callback to prevent CSRF attacks.
The nonce
value is a highly randomized string stored alongside a timestamp on the app side before calling /authorize
, then verified on the returned access token. For more information see The OAuth 2.0 Authorization Framework Access Token Types.
After the connection is complete, the user is redirected to the specified redirect URI with query string parameters code
and state
added on, which are necessary for the next step.
Last updated