Getting an OAuth token

Set up working with the OAuth protocol so that users can authorize on your website or service page. To do this, you need an OAuth token.

An OAuth token can be used to access Yandex services on behalf of a specific user providing they have granted the permission to do so. Request a token for each new user who logs in to your service via Yandex.

You can choose a method for obtaining an OAuth token that suits your service best:

The received token can be saved in the app and used for requests until its lifetime expires. The token should only be available to your app, so we don't recommend saving it in the browser or open configuration files.

Instant login

Use the instant authorization technology to enable users to log in to your website with their Yandex account. The user can authorize via the Instant login widget or personal button:

  • If the user is already logged in to their Yandex account on the current device, the widget or button will show their profile picture and name to continue authorizing on your website.
  • If the user isn't logged in to their Yandex account yet, they can authorize using the widget or button.

The Instant login widget is a popup window on your website where the user can log in with their Yandex account.

  • If the user is authorized:

  • If the user isn't authorized:

A personal button is an element for logging in to Yandex ID quickly that looks like a button. You can place the button on your website page:

  • If the user is authorized:

  • If the user isn't authorized:

To enable a widget or personal button, set up the instant authorization script.

Requesting an OAuth token using the confirmation code

The user allows access to get the data stored in their Yandex ID profile with the verification code.

To request a confirmation code to exchange for an OAuth token, choose one of the following methods:

  • If you can set up the app to receive information from a URL automatically, get the confirmation code from the redirect URL (recommended method):
    Getting a confirmation code from a URL

  • If it's difficult to get the redirect URL in the app, request the code output on the browser page. The method is good for console apps, when the user has access to the browser and can use the keyboard to enter the code they received:
    Receiving a confirmation code from the user

  • If the user can't use a browser or it's difficult to enter a code on the device, you can ask the user to enter the code in Yandex OAuth. The method is good for apps launched on multimedia devices, such as Smart TV:
    Entering the code on the authorization page Yandex OAuth

Tip

You can design the link for obtaining an OAuth token in the page HTML code as a button with the Yandex logo.

You can customize the button to match the style of your website or app. Learn more.

Debug token

If the app is at the development or testing stage, you can use a debug token. You don't need a verification code to get a debug token.

SDK Yandex ID

To set up authorization on mobile devices, use the SDK Yandex ID libraries.

Previous
Step 1. Registering an app
Next
Step 3. Getting information about the user
In this article: