Implicit Flow

Use for

  • Single-Page Web Applications

Following process describes how to obtain an user's authorization to interact with the Loom AI API on the user's behalf using the OAuth2 Implicit Flow.

1. User Authentication & Request Authorization

Redirect the user to following parameterized URL to authenticate the user and request authorization for your application to interact with the Loom AI API on the user's behalf.

https://auth.loomai.com/authorize?
  response_type=token&
  audience=https%3A%2F%2Fapi.loomai.com%2F&
  client_id={CLIENT_ID}&
  redirect_uri={REDIRECT_URI}&
  scope={SCOPE}&
  state={STATE}

Parameter

Description

response_type

Set to token.

audience

Set to https://api.loomai.com/(url-encoded).

client_id

redirect_uri

The URL to which the user will be redirected after authorization has been completed (url-encoded). The access token will be appended to the URL using an url fragment (#).

scope

state

Request

<a href="https://auth.loomai.com/authorize?
    response_type=token&
    audience=https%3A%2F%2Fapi.loomai.com%2F&
    client_id={CLIENT_ID}&
    redirect_uri=https%3A%2F%2Fapp.domain.tld%2Foauth%2Fcallback&
    scope=read:avatars%20write:avatars&
    state=0xdeadbeef">
    Sign In
</a>

Response

If all parameters are valid, you will receive a HTTP 302 response redirecting to your specified redirect_uri with an url fragment, encoded as query parameters, that contains the authorization result. Specifically the access_token required to use the Loom AI API as well as additional information like token lifetime, authorized scopes etc.

If authorization failed or has been denied by the user, the url fragment will contain an error parameter with further details instead.

HTTP/1.1 302 Found
Location: https://app.domain.tld/oauth/callback#
    access_token=ACCESS_TOKEN&
    expires_in=3600&
    token_type=Bearer&
    scope=AUTHORIZED_SCOPES&
    state=0xdeadbeef
PreviousClient Credentials FlowNextRefresh Token Flow

Last updated