[To be deleted] OAuth Strategy

Sometimes your app does not have an UI and you want to receive merchant's access token upon installation. In this case, you can turn on this setting. When merchant has installed your app, access token of that merchant will be sent to your webhook endpoint.

ERP will be renamed as The Implicit Grant Type, which is one of the four grant types defined in the OAuth 2.0 protocol for obtaining access tokens.

The Implicit Grant Type is designed for use by public clients, such as web-based applications, that cannot securely store client credentials. In this flow, the client requests an access token from the authorization server on behalf of the user, but does not receive a refresh token in return.

The Implicit Grant Type is initiated by the client sending a request to the authorization server with the response type set to "token". The server then prompts the user to authenticate and authorize the client to access their protected resources. Once the user has granted authorization, the authorization server sends the access token directly to the client in the response to the request, rather than issuing an authorization code that must be exchanged for an access token.

📘

Webhook

You can register access_token/create and access_token/revoke in webhook page. Please refer Webhook section for details.

❗️

ERP mode naming

This feature will be renamed to Implicit Grant Type, so as to align with the OAuth 2.0 spec.