The XWMS API uses OAuth 2.0 for secure authentication and authorization.
powered by xwms
OAuth is an authorization standard that lets applications access protected user data without sharing user passwords.
Your app redirects the user to XWMS for login and consent. After successful authentication, XWMS returns an authorization code to your application.
An authorization code is a short-lived code that your backend exchanges for an access token.
An access token is a temporary credential used to call protected API endpoints on behalf of a user or client.
A refresh token allows your application to request a new access token without forcing the user to log in again.
Token lifetime depends on your configured security policy and client setup.
Supported flows include common OAuth patterns such as Authorization Code flow. Always use the flow that matches your app type and security requirements.
Yes. Mobile apps can integrate OAuth securely, typically using PKCE-enabled authorization flows.
Yes. Web applications commonly implement Authorization Code flow on a secure backend.
Redirect URLs can be managed in each client's settings. Use exact callback URLs that your application actually handles.
Exact URI matching prevents open redirect abuse and ensures authorization responses are only sent to trusted endpoints.
Yes. You can register multiple redirect URIs for a client, for example for local, staging, and production environments.
现场支持
开始对话
您必须登录才能启动支持票证。
登录欢迎回来。开始申请票或留下您的问题。
