Very rough explanation.

Direct the user first too
client_id, redirect_uri

Then when they login the user is directed to

When they authorise you get a response with a "code" that you use to make a call to
app_id, app_secret, code

Then if accepted you get a user_id, username & token_public back.

client_id = app_id
The main API was made first using "app_id" and then the OAuth was added later. The norm for OAuth is "client_id". So there is a big of confusion there.
  • By canadaka Trailforks Plus
  • #110 - 786 views