🔐 OAuth2 Integration Guide

Learn how to add "Login with Ylsoo" to your application

Overview

Ylsoo OAuth2 allows users to log in to your application using their Ylsoo account. This guide walks you through the implementation process.

✓ What you get: Users can authenticate securely without creating new passwords, and you get their email address.

Getting Started

1. Register Your Application

  1. Log in to your Ylsoo account
  2. Go to My Account → My OAuth2 Links
  3. Click "Create New Application"
  4. Enter your app name and redirect URIs
  5. Save your Client ID and Client Secret

🔒 Important: Keep your Client Secret safe! Never expose it in frontend code or public repositories.

OAuth2 Authorization Flow

Step 1: Authorization Request

Redirect users to Ylsoo to authorize your application:

https://ylsoo.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=https://yourapp.com/callback&scope=profile%20email&state=random_string

Parameter      Required       Description
client_id      Yes            Your application's client ID
redirect_uri   Yes            Must match one of your registered redirect URIs
scope          No             Requested permissions (e.g., "profile email")
state          Recommended    Random string to prevent CSRF attacks

Step 2: User Authorization

The user logs in to Ylsoo and authorizes your application. Ylsoo then redirects them back to your redirect_uri with an authorization code.

Step 3: Exchange Code for Token

Send the authorization code to Ylsoo's token endpoint to get an access token:

POST https://ylsoo.com/oauth/token
{ "grant_type": "authorization_code", "code": "AUTHORIZATION_CODE", "client_id": "YOUR_CLIENT_ID", "client_secret": "YOUR_CLIENT_SECRET", "redirect_uri": "https://yourapp.com/callback" }

Response:

{ "access_token": "token_value_here", "token_type": "Bearer", "expires_in": 2592000, "scope": "profile email" }

Step 4: Get User Info

Use the access token to fetch user information:

GET https://ylsoo.com/oauth/me

Headers:

Authorization: Bearer {access_token}

Response:

{ "email": "user@example.com", "scope": "profile email" }

Code Examples

Node.js / Express Example

const axios = require('axios');
const express = require('express');

const app = express();

// Placeholders: in a real deployment, load these from environment variables
// or a secret store rather than hard-coding them in source.
const CLIENT_ID = 'your_client_id';
const CLIENT_SECRET = 'your_client_secret';
const REDIRECT_URI = 'https://yourapp.com/auth/callback';

// Step 1: Redirect to Ylsoo login
app.get('/login', (req, res) => {
  const authUrl = `https://ylsoo.com/oauth/authorize?client_id=${CLIENT_ID}` +
    `&redirect_uri=${encodeURIComponent(REDIRECT_URI)}&scope=profile%20email`;
  res.redirect(authUrl);
});

// Step 2 & 3: Handle callback
app.get('/auth/callback', async (req, res) => {
  const { code } = req.query;
  try {
    // Exchange code for token
    const tokenRes = await axios.post('https://ylsoo.com/oauth/token', {
      grant_type: 'authorization_code',
      code,
      client_id: CLIENT_ID,
      client_secret: CLIENT_SECRET,
      redirect_uri: REDIRECT_URI
    });
    const accessToken = tokenRes.data.access_token;

    // Get user info
    const userRes = await axios.get('https://ylsoo.com/oauth/me', {
      headers: { Authorization: `Bearer ${accessToken}` }
    });
    const { email } = userRes.data;

    // Create/update user in your database
    // Set session or JWT token
    res.redirect('/dashboard');
  } catch (error) {
    // Log only the message: the full axios error object carries the request
    // body, which here contains the client secret and the authorization code.
    console.error('OAuth error:', error.message);
    res.status(500).send('Authentication failed');
  }
});

JavaScript / Fetch Example

// Frontend: Redirect to login
function loginWithYlsoo() {
  const clientId = 'your_client_id';
  const redirectUri = encodeURIComponent('https://yourapp.com/auth/callback');
  window.location.href = `https://ylsoo.com/oauth/authorize?client_id=${clientId}&redirect_uri=${redirectUri}`;
}

// Backend endpoint to handle callback.
// This runs on your server: the client secret must never ship in frontend code.
async function handleCallback(code) {
  const response = await fetch('https://ylsoo.com/oauth/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'authorization_code',
      code,
      client_id: 'your_client_id',
      client_secret: 'your_client_secret',
      redirect_uri: 'https://yourapp.com/auth/callback'
    })
  });
  // Fail loudly on an error response instead of returning undefined
  if (!response.ok) {
    throw new Error(`Token request failed with status ${response.status}`);
  }
  const data = await response.json();
  return data.access_token;
}

Security Best Practices

Troubleshooting

Invalid redirect_uri

Make sure your redirect URI exactly matches what you registered in your application settings.

Invalid client_id

Double-check that you're using the correct Client ID from your application settings.

Token expired

Access tokens expire after 30 days. Users will need to log in again after expiration.

Need Help?

For technical support or questions, please contact us at support@ylsoo.com