As outlined in the getting started guide, the basics to getting a user authenticated look like this:

Create a new request token
Get the user to authorize the request token
Create a new session id with the athorized request token
Part 1 and 3 should be fairly easy to understand but I'll walk through each step to make sure it's clear.

Step 1: Create a request token

The first step as a developer is to request a new token. This is a temporary token that is required to ask the user for permission to access their account. This token will auto expire after 60 minutes if it's not used.

Step 2: Ask the user for permission

With a request token in hand, forward your user to the following URL:

https://www.themoviedb.org/authenticate/{REQUEST_TOKEN}

You can also pass this URL a redirect_to parameter, ie:

https://www.themoviedb.org/authenticate/{REQUEST_TOKEN}?redirect_to=http://www.yourapp.com/approved

Once the user has approved your request token, they will either be redirected to the URL you specified in the redirect_to parameter or to the /authenticate/allow path on TMDB. If they aren't redirected to a custom URL, the page will also have a Authentication-Callback header. This header contains the API call for step #3. You can either manually generate it or simply use the one we return.

Step 3: Create a session ID

By calling the new session method with the request token that has been approved by the user in step 2, we will return a new session_id. This is the session that can now be used to write user data. You should treat this key like a password and keep it secret.

What about guest sessions?

A guest session can be used to rate movies without having a registered TMDB user account. For more information about how to create a guest session see here.