As previously mentioned in the getting started guide, we now do a better job of separating application and user based authentication. Since the two systems are essentially the same and the only difference is the token you're passing around, it should be a lot easier to understand and use.
- Generate a new request token
- Send the user to TMDB asking the user to approve the token
- With an approved request token, generate a fresh access token
You can think of a request token as a temporary token that is waiting for the TMDB user to authorize on your behalf. It serves no other purpose and cannot be used for authenticating requests. Unused request tokens will automatically expire after 15 minutes.
In order for a user to approve your request token, you'll want to direct the user to the website:
Along with this request, you're expected to send the request token as a query parameter like the example above.
Once a user has approved your request, they'll either be directed to the
/auth/access/approve page on TMDB or redirected to the
redirect_to path you specified when you made the request token. Remember, this can also be a local callback on mobile iOS and Android.
Updated 10 months ago