
Authentication Response

After the user logs in with their credentials, they are redirected to the URI provided in the request. On failure, the user is also redirected to the provided address. In both cases, additional information is sent in the query string.

Success Case

On success, the user is redirected to the provided URI with the authorization code passed as a query string parameter:

https://example.com.br/callback?code=50b98752-ac5e-4bf3-a59b-7456f9f58685

If you included the state parameter in the request, it will be returned:

https://example.com.br/callback?code=50b98752-ac5e-4bf3-a59b-7456f9f58685&state=af0ifjsldkj

On success, the flow should continue to the token exchange step, where the received Authorization Code should be provided in back-channel communication (server to server) for security purposes.

Failure Case

On failure, the user will be redirected to the provided URI, with parameters about the error that occurred provided in query string format:

https://example.com.br/callback?error=unauthorized_client&error_description=The Client ID informed by the client is not valid.&error_uri=https://faq.xxxid.com.br/erro

Error Parameters

Parameter          Description
error              Error code
error_description  Detailed error description
error_uri          URI with more information about the error

Possible Errors

  • unauthorized_client: The provided Client ID is not valid
  • invalid_request: The provided URI does not match any of the Client's registered URIs
  • invalid_request: The use of the id_token_hint property requires the prompt value to be set as 'none'

State Validation

If you included the state parameter in the request, always validate that the returned value matches the sent value. This helps prevent CSRF attacks.

Implementation Example

```javascript
// Runs on the redirect URI page in the browser. Wrapped in a function so
// that the early return on a state mismatch is valid JavaScript.
function handleCallback() {
  const urlParams = new URLSearchParams(window.location.search);
  const code = urlParams.get('code');
  const error = urlParams.get('error');
  const state = urlParams.get('state');
  // The state value generated and stored before the authorization request.
  const expectedState = sessionStorage.getItem('oauth_state');

  if (error) {
    console.error('Authentication error:', error);
    const errorDescription = urlParams.get('error_description');
    console.error('Description:', errorDescription);
    return;
  }

  if (code) {
    // If a state was sent, the response must echo it exactly; a missing
    // or different value is rejected rather than skipped.
    if (expectedState !== null && state !== expectedState) {
      console.error('State does not match - possible CSRF attack');
      return;
    }
    sessionStorage.removeItem('oauth_state'); // state is single-use
    exchangeCodeForToken(code); // token exchange, defined elsewhere
  }
}

handleCallback();
```
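The same handling done on the server that receives the redirect, as an added example that is not part of this documentation: it parses the callback URL, returns the error parameters on failure, and treats a missing or mismatched state as a rejection rather than a success. It assumes the state sent in the authorization request was kept server-side as `expectedState`; the function name is hypothetical.

```javascript
// Added example (not the documentation's own code). Parses the redirect URI
// described above and classifies the result. Uses the global WHATWG URL
// class available in Node.js and browsers.
function handleAuthorizationResponse(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  const error = params.get('error');
  const code = params.get('code');
  const state = params.get('state');

  // Failure case: the provider redirected with the error parameters.
  if (error) {
    return {
      ok: false,
      error,
      description: params.get('error_description') || '',
      errorUri: params.get('error_uri') || '',
    };
  }

  // State validation: if a state was sent, the response must echo it exactly.
  // A missing or different value is treated as a possible CSRF attempt.
  if (expectedState !== null && expectedState !== undefined && state !== expectedState) {
    return {
      ok: false,
      error: 'state_mismatch',
      description: 'state does not match the value sent in the request',
      errorUri: '',
    };
  }

  if (!code) {
    return { ok: false, error: 'missing_code', description: 'no authorization code in callback', errorUri: '' };
  }

  // Success case: the code goes to the back-channel token exchange (next step).
  return { ok: true, code };
}
```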

Next Step

After receiving the authorization code, continue to Token Endpoint.

Fanbase API Documentation