OVERVIEW
Implicit flow is deprecated
The Implicit flow (Legacy) is required for Apps and Websites that have no backend logic on the web server. In this flow, everything that is passed between the App or the Website and Accor Hub Authent can be viewed using browser development tools.
In order to Authenticate your User via the Implicit Flow, you just have to follow 2 steps:
- Redirect your User to the Accor Login page
- Your User is redirected back to your Callback URL
STEP 1: REDIRECT YOUR USER TO THE ACCOR LOGIN PAGE
You have to redirect your User’s browser to the Accor Login page.
Then, once redirected:
- if the user is authenticated, you're done.
- if the user is not yet authenticated, the member is presented with Accor’s authentication page.
Request:
Type | Endpoint |
---|---|
GET | https://login.accor.com/as/authorization.oauth2 |
Parameters:
Name | Value | Required |
---|---|---|
response_type | The value of this field should always be token | Yes |
client_id | The appId key value generated when you register your application. | Yes |
redirect_uri | The URL your users are sent back to after authorization. | Yes |
scope | URL-encoded, space-delimited list of member permissions your application is requesting on behalf of the user. | Yes |
prompt | Used to display the authentication page (empty) or not (none). Use prompt=none when the user is already authenticated on another website (e.g. all.accor) | No |
ui_locales | Language code (2 digits) | No |
persistent | Should be yes for activating the “remember me” checkbox | No |
Example of Request:
GET https://login.accor.com/as/authorization.oauth2?response_type=token&client_id={your_client_id}&redirect_uri=https://yourdomain/callback&scope={list_of_scopes}
Accor login page:
STEP 2: YOUR USER IS REDIRECTED TO YOUR CALLBACK URL
After your User has signed in on Accor, they are redirected automatically to the callback URL that you sent in your request, with the access_token.
Request:
Type | Endpoint |
---|---|
GET | https://yoursite/Callback_URL |
Parameters:
Name | Value | Required |
---|---|---|
access_token | The access token for the application | Yes, if authenticated |
token_type | Value: Bearer | Yes |
expire_in | The number of seconds remaining until the token expires. Currently, all access tokens are issued with a 30-minute lifespan | Yes |
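The two steps above as a client-side sketch. This is an added example, not Accor's own code: it builds the Step 1 redirect URL from the documented parameters, then validates the Step 2 callback parameters and returns a token-free URL to put back in the address bar. Assumptions: the callback parameters arrive in the URL fragment, as in the standard OAuth 2.0 implicit flow, with the query string as a fallback; the function names, scope names and sample token are hypothetical.

```javascript
// Added example; function names and sample values are hypothetical.
const AUTHORIZE_ENDPOINT = "https://login.accor.com/as/authorization.oauth2";

// Step 1: build the redirect URL. URLSearchParams encodes every value.
function buildAuthorizeUrl({ clientId, redirectUri, scopes, prompt, uiLocales, persistent }) {
  if (!clientId || !redirectUri || !scopes || scopes.length === 0) {
    throw new Error("client_id, redirect_uri and scope are required");
  }
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set("response_type", "token"); // always "token" in this flow
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("scope", scopes.join(" ")); // space-delimited list
  if (prompt !== undefined) url.searchParams.set("prompt", prompt);
  if (uiLocales) url.searchParams.set("ui_locales", uiLocales);
  if (persistent) url.searchParams.set("persistent", "yes");
  return url.toString();
}

// Step 2: read access_token, token_type and expire_in from the callback URL.
// Assumption: they arrive in the URL fragment (standard OAuth 2.0 implicit
// flow); the query string is read as a fallback.
function parseCallback(callbackUrl, nowMs = Date.now()) {
  const url = new URL(callbackUrl);
  const inFragment = url.hash.length > 1;
  const params = new URLSearchParams(inFragment ? url.hash.slice(1) : url.search);
  const accessToken = params.get("access_token");
  if (!accessToken) return { authenticated: false };
  if ((params.get("token_type") || "").toLowerCase() !== "bearer") {
    throw new Error("unexpected token_type");
  }
  const seconds = Number(params.get("expire_in"));
  if (!Number.isInteger(seconds) || seconds <= 0) {
    throw new Error("invalid expire_in");
  }
  // cleanUrl is the callback URL without the token, suitable for
  // history.replaceState() so the token does not linger in browser history.
  if (inFragment) url.hash = ""; else url.search = "";
  return { authenticated: true, accessToken, expiresAt: nowMs + seconds * 1000, cleanUrl: url.toString() };
}

// Constructed sample callback; the token is a placeholder, not a real one.
const sample = "https://yourdomain/callback#access_token=PLACEHOLDER&token_type=Bearer&expire_in=1800";
console.log(buildAuthorizeUrl({ clientId: "your_client_id", redirectUri: "https://yourdomain/callback", scopes: ["scope_a", "scope_b"] }));
console.log(parseCallback(sample).cleanUrl);
```

Keep the returned token in memory only and discard it once `expiresAt` has passed.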
Example of Request: