User OAuth Flow

To perform actions on behalf of a Podchaser user you will need to request appropriate scopes via a standard OAuth Authorization Code Grant flow.

Step 1

The user should be forwarded to https://www.podchaser.com/do-auth with the following query parameters:

  • client_id: the Client ID for your application
  • redirect_uri: the URI that the user should be redirected to after approving or denying the authorization request. This must match the value registered in Podchaser's database; if it needs to change, contact ben@podchaser.com. (Self-serve client management coming soon.)
  • scope: a space delimited list of scopes your application is requesting (see below for available scopes)
  • state: (optional) a string which will be passed back to your application upon approval

Step 2

If the user approves the request, they will be forwarded to your redirect URI with the following query parameters:

  • code: the authorization code that your server will trade for an access token
  • state: the state passed in with the original request

Step 3

Your server should use the requestAccessToken mutation to exchange the authorization code for an access token for the user.

Example requestAccessToken request:

  mutation {
    requestAccessToken(
      input: {
        grant_type: AUTHORIZATION_TOKEN
        client_id: "92170a97-d773-44f3-bbd5-c825b27e7f5c"
        client_secret: "IBvjEqjk5jCdTEGtzccNXsVilYwAwkpemNSuLHhm"
        code: "ESeri4eh09ghZC5I4Np9FuM3d3zHvsNiD4JksUb7aCJaD1pdj"
      }
    ) {
      access_token
      refresh_token
    }
  }

You can now use the resulting access_token in any requests as a bearer token. You should also save the refresh_token for use in the Refresh Token Flow.
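The three steps above as a server-side client, added here as an example and not Podchaser's own code: it builds the Step 1 URL with a random state bound to the user's session, refuses the Step 2 callback unless that state matches, and assembles the Step 3 mutation body with the string values JSON-escaped. The session dict is an assumption standing in for whatever server-side session store you use, and the body is only built, not posted, because the GraphQL endpoint URL is not given on this page.

```python
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_URL = "https://www.podchaser.com/do-auth"


def build_auth_url(client_id, redirect_uri, scopes, session):
    """Step 1: build the URL the user is forwarded to. The state value is
    random and stored in the caller's server-side session (assumed to be a
    dict here) so the callback can later be checked against it."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must equal the registered value
        "scope": " ".join(scopes),     # space-delimited, as the docs require
        "state": state,
    }
    return AUTH_URL + "?" + urlencode(params)


def parse_callback(callback_url, session):
    """Step 2: pull the code out of the redirect, refusing it unless the
    returned state matches the one issued for this session (CSRF check).
    The stored state is consumed so the same callback cannot be replayed."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)
    returned = query.get("state", [None])[0]
    if expected is None or returned is None or not secrets.compare_digest(expected, returned):
        raise ValueError("state mismatch: rejecting callback")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def build_token_exchange(client_id, client_secret, code):
    """Step 3: the JSON body the server posts to the GraphQL endpoint. The
    shape follows the docs' example; json.dumps escapes the string values so
    an unexpected character in the code cannot break out of the query."""
    mutation = (
        "mutation { requestAccessToken(input: {"
        " grant_type: AUTHORIZATION_TOKEN"
        f" client_id: {json.dumps(client_id)}"
        f" client_secret: {json.dumps(client_secret)}"
        f" code: {json.dumps(code)}"
        " }) { access_token refresh_token } }"
    )
    return {"query": mutation}
```

The client_secret only ever appears in the Step 3 body built on your server; it never goes into the Step 1 URL that the user's browser sees.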

Available Scopes

  • read_ratings: View your podcast and episode ratings
  • edit_ratings: Create, edit & delete ratings on your behalf
  • read_reviews: View your podcast and episode reviews
  • edit_reviews: Create, edit & delete reviews on your behalf
  • edit_listens: Mark episodes as listened or unlistened