Set up to authorize users
When a user connects their Snyk account to your App, they must authorize access to their chosen organization or group and approve the requested scopes. This process is started when you direct users to the Snyk Apps authorization page and pass the appropriate parameters:
1
https://app.snyk.io/oauth2/authorize?response_type=code&client_id={clientId}&redirect_uri={redirectURI}&scope={scopes}&nonce={nonce}&state={state}&version={version}
Copied!
Note that this is a webpage link and not an API endpoint.
The scopes and the redirect_uri must match what was defined when the App was created.
The state value is used to carry any App-specific state from this
/authorize call to the callback on the redirect_uri (such as a user’s id). It must be verified in your callback to prevent CSRF attacks.The nonce value is a highly randomized string stored alongside a timestamp on the app side before calling
/authorize, then verified on the returned access token. For more information see The OAuth 2.0 Authorization Framework Access Token Types.
An example of what the user sees when redirected to the Snyk Apps authorization page
After the connection is complete, the user is redirected to the specified redirect URI with query string parameters code and state added on, which are necessary for the next step.
Last modified 8d ago
Export as PDF
Copy link
Edit on GitHub