0

We have a multi-tenant application (AccountingSuite.com) and we want to have a Connect to Dwolla button in the application.

The button will open:

https://www.dwolla.com/oauth/v2/authenticate?client_id={client_id}&response_type=code&redirect_uri={redirect_uri}&scope={scope}&state={instance_id}

notice there is the state parameter at the end identifying an instance in our multi-tenant app. After a successful authentication the response URI needs to contain the state parameter, otherwise it's impossible for us to find out which instance sent a connect request. Currently the state parameter is stripped in the return.

This is a pretty standard OAuth flow (see, for example Stripe).

Please let me what I don't do right, or pass through the state parameter in the OAuth flow.

4

1 回答 1

0

虽然 Dwolla 不支持state参数,但作为替代方案,您可以将state参数指定为return_uri.

例如,如果您使用此返回 URI:

http://www.example.com/somepage?state=foobar

在 Dwolla 上授予您的应用程序权限后,用户将通过以下方式重定向到您的应用程序:

http://www.example.com/somepage?state=foobar&code={OAuth Verification Code}
于 2013-09-04T00:41:44.827 回答