# OAuth

## Authorize

> Authorizes a user via OAuth to connect an application.
>
> OAuth authorization URL construction:
> `{GLOBAL_SETTINGS_DOMAIN}/api/v1/oauth/authorize?client_id={CLIENT_ID}&response_type=code&redirect_uri={REDIRECT_URI}&state={STATE}`
>
> After authorization, you will receive the authorization code and the provided state as query parameters in the redirect URL:
> `{REDIRECT_URI}?code={AUTHORIZATION_CODE}&state={PROVIDED_STATE}`
>
> For `{GLOBAL_SETTINGS_DOMAIN}`, use the domain of your Flosum Global Settings instance (for example, `global-us.flosum.app`).
>
> You can find the `{CLIENT_ID}` in your connected app under Global Settings > Security > Connected Apps.

```json
{"openapi":"3.0.0","info":{"title":"Flosum Global Settings","version":"1.6.19-dev.1"},"paths":{"/api/v1/oauth/authorize":{"get":{"description":"Authorizes a user via OAuth to connect an application.\n\nOAuth authorization URL construction:\n`{GLOBAL_SETTINGS_DOMAIN}/api/v1/oauth/authorize?client_id={CLIENT_ID}&response_type=code&redirect_uri={REDIRECT_URI}&state={STATE}`\n\nAfter authorization, you will receive the authorization code and the provided state as query parameters in the redirect URL:\n`{REDIRECT_URI}?code={AUTHORIZATION_CODE}&state={PROVIDED_STATE}`\n\nFor `{GLOBAL_SETTINGS_DOMAIN}`, use the domain of your Flosum Global Settings instance (for example, `global-us.flosum.app`).\n\nYou can find the `{CLIENT_ID}` in your connected app under Global Settings > Security > Connected Apps.","operationId":"OAuthController_authorize_v1","parameters":[],"responses":{"302":{"description":"Redirects to the redirect URI with the authorization code and state as query parameters in the URL.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuthorizeResponseDto"}}}},"400":{"description":"","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidationExceptionDto"}}}},"500":{"description":"","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ExceptionDto"}}}}},"summary":"Authorize","tags":["OAuth"]}}},"components":{"schemas":{"AuthorizeResponseDto":{"type":"object","properties":{"url":{"type":"string"},"status":{"type":"number"}},"required":["url","status"]},"ValidationExceptionDto":{"type":"object","properties":{"message":{"type":"array","items":{"type":"string"}},"error":{"type":"string","nullable":true},"statusCode":{"type":"number","enum":[100,101,102,103,200,201,202,203,204,205,206,207,208,210,300,301,302,303,304,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,428,429,456,500,501,502,503,504,505,507,508]}},"required":["message","error","statusCode"]},"ExceptionDto":{"type":"object","properties":{"message":{"type":"string"},"error":{"type":"string","nullable":true},"statusCode":{"type":"number","enum":[100,101,102,103,200,201,202,203,204,205,206,207,208,210,300,301,302,303,304,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,428,429,456,500,501,502,503,504,505,507,508]}},"required":["message","error","statusCode"]}}}}
```

## Generate access token

> Exchanges an authorization code or refresh token for an access token.
>
> First, obtain an authorization code via the OAuth `/authorize` endpoint, then pass it to the `/token` endpoint:
> `{GLOBAL_SETTINGS_DOMAIN}/api/v1/oauth/token?grant_type=authorization_code&code={CODE}&redirect_uri={REDIRECT_URI}&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}`
>
> After a successful request, you will get a response containing a `refresh_token`. You can use it to get a new access token by passing it to the token endpoint:
> `{GLOBAL_SETTINGS_DOMAIN}/api/v1/oauth/token?grant_type=refresh_token&refresh_token={REFRESH_TOKEN}&redirect_uri={REDIRECT_URI}&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}`
>
> You can get `{CLIENT_ID}` and `{CLIENT_SECRET}` in your connected app under Global Settings > Security > Connected Apps.

```json
{"openapi":"3.0.0","info":{"title":"Flosum Global Settings","version":"1.6.19-dev.1"},"paths":{"/api/v1/oauth/token":{"post":{"description":"Exchanges an authorization code or refresh token for an access token.\n\nFirst, obtain an authorization code via the OAuth `/authorize` endpoint, then pass it to the `/token` endpoint:\n`{GLOBAL_SETTINGS_DOMAIN}/api/v1/oauth/token?grant_type=authorization_code&code={CODE}&redirect_uri={REDIRECT_URI}&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}`\n\nAfter a successful request, you will get a response containing a `refresh_token`. You can use it to get a new access token by passing it to the token endpoint:\n`{GLOBAL_SETTINGS_DOMAIN}/api/v1/oauth/token?grant_type=refresh_token&refresh_token={REFRESH_TOKEN}&redirect_uri={REDIRECT_URI}&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}`\n\nYou can get `{CLIENT_ID}` and `{CLIENT_SECRET}` in your connected app under Global Settings > Security > Connected Apps.","operationId":"OAuthController_token_v1","parameters":[],"requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"$ref":"#/components/schemas/OAuthTokenBodyDto"}}}},"responses":{"200":{"description":"Returns access_token, refresh_token, and expires_in (in seconds).","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TokenResponseDto"}}}},"400":{"description":"","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidationExceptionDto"}}}},"500":{"description":"","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ExceptionDto"}}}}},"summary":"Generate access token","tags":["OAuth"]}}},"components":{"schemas":{"OAuthTokenBodyDto":{"type":"object","properties":{"grant_type":{"description":"OAuth grant type","allOf":[{"$ref":"#/components/schemas/GrantType"}]},"code":{"type":"string","description":"Authorization code extracted from the OAuth `/authorize` response parameters (used when `grant_type=authorization_code`)."},"refresh_token":{"type":"string","description":"Refresh token extracted from the OAuth `/token` response parameters (used when `grant_type=refresh_token`)."},"redirect_uri":{"type":"string","description":"Allowed redirect URI"},"client_id":{"type":"string","description":"Client identifier (from connected app)"},"client_secret":{"type":"string","description":"Client secret (from connected app)"}},"required":["grant_type","redirect_uri","client_id","client_secret"]},"GrantType":{"type":"string","enum":["authorization_code","refresh_token"],"description":"OAuth grant type"},"TokenResponseDto":{"type":"object","properties":{"access_token":{"type":"string"},"token_type":{"type":"string"},"refresh_token":{"type":"string","nullable":true},"expires_in":{"type":"number"}},"required":["access_token","token_type","refresh_token","expires_in"]},"ValidationExceptionDto":{"type":"object","properties":{"message":{"type":"array","items":{"type":"string"}},"error":{"type":"string","nullable":true},"statusCode":{"type":"number","enum":[100,101,102,103,200,201,202,203,204,205,206,207,208,210,300,301,302,303,304,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,428,429,456,500,501,502,503,504,505,507,508]}},"required":["message","error","statusCode"]},"ExceptionDto":{"type":"object","properties":{"message":{"type":"string"},"error":{"type":"string","nullable":true},"statusCode":{"type":"number","enum":[100,101,102,103,200,201,202,203,204,205,206,207,208,210,300,301,302,303,304,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,428,429,456,500,501,502,503,504,505,507,508]}},"required":["message","error","statusCode"]}}}}
```
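The two calls documented on this page, seen from the client side, as an added example that is not Flosum's own code: it builds the authorize URL with a random `state`, refuses a callback whose `state` does not match, and places the `/token` parameters in the `application/x-www-form-urlencoded` body that the OpenAPI definition above declares, which keeps `client_secret` out of URLs and request logs. The `https://` scheme, the credential values, the callback URL and all function names are assumptions made for the example; the requests are built but not sent.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Constructed placeholder values; the https:// scheme is an assumption.
DOMAIN = "https://global-us.flosum.app"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.com/oauth/callback"


def new_state():
    """Unpredictable per-login value that binds the callback to this session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state):
    """Authorization URL in the form documented for /authorize."""
    query = urlencode({"client_id": CLIENT_ID, "response_type": "code",
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{DOMAIN}/api/v1/oauth/authorize?{query}"


def parse_callback(callback_url, expected_state):
    """Return the authorization code only if the returned state matches."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    code = params.get("code", [""])[0]
    # Constant-time compare; on mismatch the code must not be exchanged.
    if (not code or not expected_state or
            not hmac.compare_digest(state.encode(), expected_state.encode())):
        raise ValueError("missing code or state mismatch")
    return code


def build_token_request(grant_type, credential):
    """Build (not send) the POST to /token with a form-encoded body."""
    fields = {"authorization_code": "code", "refresh_token": "refresh_token"}
    if grant_type not in fields:
        raise ValueError("unsupported grant_type")
    body = urlencode({"grant_type": grant_type, fields[grant_type]: credential,
                      "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                      "client_secret": CLIENT_SECRET}).encode()
    return Request(f"{DOMAIN}/api/v1/oauth/token", data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})
```
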

