Like in the case of the flow for Server-side Web Applications described in Chapter 2, you’ll first need to register your application with the API provider (see Developer and Application Registration).
This step is very similar to the Authorization Code flow. Since requesting data access requires redirecting your users to the authorization server, it’s a best practice to let them know in advance what will happen. You can do this by displaying a message, along with a link that directs the user to the OAuth authorization endpoint.
You can find the URL for the OAuth authorization endpoint in the API provider’s documentation. For Google Tasks (and all other Google APIs using OAuth 2.0), the authorization endpoint is at
You will need to specify a few query parameters with this link:
The value provided to you when you registered your application.
The location the user should be returned to after they
approve access for your app. For this example, the application
The data your application is requesting access to. This is
specified as a list of space-delimited strings. Valid values for
scope should be included in the API provider documentation. For Google Contacts, the ...