Authentication via Audience Sync
About Audience Sync
The Audience Sync authorization flow is simply an OAuth extension, and is almost identical to the standard authorization code flow. It allows you (the publisher) to require information from a user before they can comment on your website.
This is how you start AudienceSync. Skip to User Validation if you're using the embed AudienceSync implementation.
You'll need to first redirect the user to the authorize endpoint, with a different
response_type in addition
Location: https://disqus.com/api/oauth/2.0/authorize/? client_id=PUBLIC_KEY& response_type=audiencesync& forum_id=FORUM_SHORTNAME redirect_uri=http://www.example.com/oauth_redirect
The same rules that apply for our standard authorization flow also apply here.
The user will then be given a choice to accept or deny your request. If they choose to allow your application, they will be redirected back to your site with a temporary access code as the
code parameter. If they do not, they will be redirected with an
error parameter instead.
The following values are made available as part of the query string when the user is redirected back to your
- A temporary token which you will exchange for a finalized access token.
- The username of the user who you're requesting authorization of.
- A unique identifier for this user which is guaranteed not to change.
- The URL to which you will redirect the user once you've confirmed their authorization.
At this point, you the publisher, may choose to request additional information from the user (such as
age), and perform any validation required. Once you've confirmed the user, authorize them with the server to
grant them permission as well as to receive an
access_token which can be used to query additional
data form the user:
POST https://disqus.com/api/oauth/2.0/access_token/ grant_type=audiencesync& client_id=PUBLIC_KEY& client_secret=SECRET_KEY& redirect_uri=http://www.example.com/oauth_redirect& code=CODE
Once you have obtained the users access token, the final step is to redirect the user to the
Location: https://disqus.com/audiencesync/complete/? client_id=PUBLIC_KEY& user_id=USER_ID& access_token=ACCESS_TOKEN& success=SUCCESS_VALUE
SUCCESS_VALUE should be
1 for a successful completion, or
0 if the user failed
to complete the process.
We will then complete the process, and the user will now be authenticated to engage with Disqus on your website.