Redirect URI usage in user authorization flow


#1

We are trying to do user authentication by using re-direct URI as mentioned in
https://developers.nest.com/documentation/cloud/how-to-auth/

We have registered re-direct URI with URL that is listening for Nest data on our cloud infra .

While our server is receiving the below data from Nest
.GET /?state=SOMESTATE&code=3UL4MGY97LKGYTQU HTTP/1.0
Host: 192.168.1.243:8383
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_2 like Mac OS X) AppleWebKit/602.3.12 (KHTML, like Gecko) Mobile/14C92
Accept-Language: en-gb
Referer: https://home.nest.com/
Accept-Encoding: gzip, deflate

How can our server decide which is client id (or user account) to which this code can be passed ?

Code here refers to code=3UL4MGY97LKGYTQU in above http dump

Will the Nest server send Nest user credentials ? If not how can the server decide to which client it should pass the code
Please clarify how re-direct URI works with mobile app . How will PIN code be passed to application using re-direct URI


#2

Please see here.

If your auth flow is initiated in your mobile app but ends in your server, your mobile app will need to use the “state” parameter to include an encoded value that will identify the user account that initiated the auth flow. Nest servers do not return any user identifiable information.