OAuth2 Authorization Guidelines

These guidelines provide information on implementing and using OAuth2 for secure and authorized access to the Leryon API.

Authorization Flow

  1. Authorization Code Flow: Developers must use the Authorization Code Flow to obtain Access Tokens securely.

  2. Token Endpoint: Access Tokens should be requested from the Leryon Token Endpoint over HTTPS only.

Client Registration

  1. Registering Clients: Developers must register their OAuth2 clients with Leryon for proper authentication and authorization.

  2. Client Secrets: Securely store and manage client secrets to prevent unauthorized access.

User Authentication

  1. Secure Authentication: Use secure and industry-standard methods for user authentication during the OAuth2 flow.

  2. Prompting for Consent: Clearly inform users about the permissions the application is requesting and prompt for explicit consent.

Token Handling

  1. Access Token Usage: Access Tokens obtained via OAuth2 must be used exclusively for accessing the Leryon API.

  2. Token Expiry: Developers should handle token expiry gracefully by refreshing tokens as needed.

Security Measures

  1. Redirect URI Validation: Validate every redirect URI against the URIs registered for the client and reject any that do not match, so that an authorization response cannot be redirected to an unauthorized location.

  2. HTTPS Usage: All communication, including redirects, must occur over secure HTTPS connections.
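The two measures above, exact redirect URI matching and HTTPS enforcement, as an added example (not Leryon code); the client registry and URIs below are constructed sample values:

```python
from urllib.parse import urlsplit

# Hypothetical client registry: client_id -> set of registered redirect URIs.
# Constructed sample data standing in for Leryon's client registration records.
REGISTERED_REDIRECT_URIS = {
    "client-abc": {"https://app.example.com/oauth/callback"},
}


def validate_redirect_uri(client_id: str, candidate: str) -> bool:
    """Return True only if `candidate` is acceptable for `client_id`.

    Acceptance requires all of:
      * the client is registered,
      * the URI uses https (redirects must not travel over plain HTTP),
      * the URI carries no fragment (RFC 6749 section 3.1.2 forbids one),
      * the URI is byte-for-byte equal to a registered value; no prefix,
        substring, host-suffix or wildcard matching is performed.
    """
    registered = REGISTERED_REDIRECT_URIS.get(client_id)
    if not registered:
        return False

    parts = urlsplit(candidate)
    if parts.scheme != "https" or parts.fragment:
        return False

    # Exact comparison is what prevents lookalike hosts and path/query
    # variations from slipping past a looser "starts with" check.
    return candidate in registered


def choose_redirect(client_id: str, candidate: str) -> str:
    """Return the URI the authorization server may redirect to, or raise."""
    if not validate_redirect_uri(client_id, candidate):
        # Per RFC 6749 section 4.1.2.1 the server must NOT redirect on an
        # invalid redirect_uri; it should inform the resource owner instead.
        raise ValueError("invalid redirect_uri for client")
    return candidate
```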

Reporting Issues

If you encounter any issues or have concerns about OAuth2 implementation, please report them promptly to the Leryon support team.

Conclusion

Following these OAuth2 guidelines is crucial to ensure secure and authorized access to the Leryon API. Developers must adhere to industry best practices and maintain the integrity of the OAuth2 implementation.