Use-Case Description
This flow doesn't require a backend server and is useful for web apps that need temporary user access. Refreshing tokens is not possible, so tokens will live longer (likely 1 day instead of 1 hour) and some sensitive endpoints might be restricted (TBD).
Depends on #18
Semantics
https://tools.ietf.org/html/rfc6749#section-1.3.2
TL;DR: The user clicks a link to a special page on wavy.fm, with the Client ID, Redirect URL, and auth scopes in the URL. Once the user accepts, they are redirected back to your app with the bearer access token and expiry date in the URL. There is no refresh token.
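
The client side of the flow described above, as an added example that is not part of the original issue or the wavy.fm code base. The endpoint URL is a hypothetical placeholder, and the parameter names (`response_type`, `state`, `access_token`, `token_type`, `expires_in`) are taken from RFC 6749 on the assumption that the service follows it.

```javascript
// Added example: client side of the RFC 6749 implicit grant (section 4.2).
// AUTHORIZE_ENDPOINT is a hypothetical placeholder, not a real wavy.fm URL.
const AUTHORIZE_ENDPOINT = "https://auth.example.invalid/authorize";

// Random, unguessable value that ties the callback to this browser session.
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the link the user clicks: client ID, redirect URL and scopes in the URL.
function buildAuthorizeUrl({ clientId, redirectUri, scopes, state }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: "token", // implicit grant: the token is returned directly
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: scopes.join(" "),
    state,
  }).toString();
  return url.toString();
}

// Parse the redirect back to the app. RFC 6749 puts the result in the URL
// fragment, so it is not sent to the server hosting the redirect URL.
function parseCallback(callbackUrl, expectedState, nowMs = Date.now()) {
  const params = new URLSearchParams(new URL(callbackUrl).hash.slice(1));
  if (params.get("state") !== expectedState) {
    throw new Error("state mismatch: response was not requested by this session");
  }
  if (params.has("error")) {
    throw new Error(`authorization failed: ${params.get("error")}`);
  }
  const token = params.get("access_token");
  const expiresIn = Number(params.get("expires_in"));
  if (!token || (params.get("token_type") || "").toLowerCase() !== "bearer") {
    throw new Error("missing access_token or unsupported token_type");
  }
  if (!Number.isFinite(expiresIn) || expiresIn <= 0) {
    throw new Error("missing or invalid expires_in");
  }
  // No refresh token in this flow: after expiresAt the user must authorize again.
  return { token, expiresAt: nowMs + expiresIn * 1000 };
}
```

In a browser, call `history.replaceState(null, "", location.pathname + location.search)` right after parsing so the token does not stay in the address bar or session history.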