Acme Calendar

Your schedule, simplified

Step 5: Exchange Auth Code for Access Token

Description

The authorization code is exchanged for an Access Token through a secure server-to-server request. This Access Token can then be used to authenticate API requests and access protected resources. The exchange happens on the backend to keep credentials secure.

URL

acmecalendar.com/auth?code=xxxxx

Example Code

// Parse the authorization code from URL query parameters
const urlParams = new URLSearchParams(window.location.search);
const authCode = urlParams.get('code');

// Exchange authorization code for access token
const response = await fetch('https://[STYTCH_CUSTOM_DOMAIN]/v1/oauth2/token', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    client_id: 'your-client-id',
    client_secret: 'your-client-secret',
    grant_type: 'authorization_code',
    code: authCode,
    redirect_uri: 'https://acmecalendar.com/auth'
  })
});

const data = await response.json();
// Returns access_token, id_token (if openid scope), refresh_token (if offline_access scope)
Built with v0