User OAuth Flow
To perform actions on behalf of a Podchaser user, you will need to request appropriate scopes via a standard OAuth Authorization Code Grant flow.
Step 1
The user should be forwarded to https://www.podchaser.com/do-auth with the following query parameters:
client_id
: the Client ID for your application
redirect_uri
: the URI that the user should be redirected to after approving or denying the authorization request. This needs to match the value in Podchaser's database; if it needs to change, contact ben@podchaser.com. (Self-serve client management coming soon.)
scope
: a space-delimited list of scopes your application is requesting (see below for available scopes)
state
: (optional) a string which will be passed back to your application upon approval
Step 2
If the user approves the request, they will be forwarded to your redirect URI with the following query parameters:
code
: the authorization code that your server will trade for an access token
state
: the state passed in with the original request
Step 3
Your server should use the requestAccessToken mutation to exchange the authorization code for an access token for the user.
Example requestAccessToken request:
# Send from your server only: the request carries client_secret.
mutation {
    requestAccessToken(
        input: {
            grant_type: AUTHORIZATION_TOKEN
            client_id: "92170a97-d773-44f3-bbd5-c825b27e7f5c"
            client_secret: "IBvjEqjk5jCdTEGtzccNXsVilYwAwkpemNSuLHhm"
            code: "ESeri4eh09ghZC5I4Np9FuM3d3zHvsNiD4JksUb7aCJaD1pdj"
        }
    ) {
        access_token
        refresh_token
    }
}
You can now use the resulting access_token in any requests as a bearer token. You should also save the refresh_token for use in the Refresh Token Flow.
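The three steps above as server-side Python, as an added example that is not Podchaser's own code: it treats the optional state parameter as mandatory, rejects a callback whose state does not match the one stored for the session, and escapes every value placed into the requestAccessToken mutation. The helper names are hypothetical, and sending the returned body to the API over HTTPS is left out.

```python
# Added example; helper names are hypothetical, not part of Podchaser's API.
import hmac
import json
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_URL = "https://www.podchaser.com/do-auth"  # from Step 1


def build_authorize_url(client_id, redirect_uri, scopes):
    """Step 1: return (url, state). Store state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, single use
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # space-delimited list
        "state": state,
    })
    return f"{AUTH_URL}?{query}", state


def read_callback(callback_url, expected_state):
    """Step 2: return the authorization code, or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means the redirect did not
    # originate from the request this session started.
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("no authorization code (request denied or malformed)")
    return codes[0]


def token_request_body(client_id, client_secret, code):
    """Step 3: JSON body carrying the requestAccessToken mutation."""
    q = json.dumps  # JSON string escaping is valid for GraphQL string literals
    mutation = (
        "mutation { requestAccessToken(input: { "
        "grant_type: AUTHORIZATION_TOKEN "
        f"client_id: {q(client_id)} "
        f"client_secret: {q(client_secret)} "
        f"code: {q(code)} "
        "}) { access_token refresh_token } }"
    )
    return json.dumps({"query": mutation})
```

The code value arrives in a query string that anyone can craft, which is why it is escaped before being placed in the mutation text rather than concatenated as-is.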
Available Scopes
read_ratings
: View your podcast and episode ratings
edit_ratings
: Create, edit & delete ratings on your behalf
read_reviews
: View your podcast and episode reviews
edit_reviews
: Create, edit & delete reviews on your behalf
edit_listens
: Mark episodes as listened or unlistened