
OAuth Flow

OAuth 2.0 is a protocol that allows your app to securely request and receive tokens from the YouCan platform, which are then used to make API calls on behalf of the merchant.

The following diagram illustrates the OAuth flow based on the actions of the merchant, the app, and YouCan:

[Diagram: YouCan OAuth flow]

  1. Authorization: When a merchant accesses the app, they will be directed to YouCan's authorization screen to authorize the app.
  2. Receiving the Authorization Grant: After granting permission, YouCan will redirect them back to the app with an authorization code.
  3. Obtaining an Access Token: The app will then exchange this authorization code for an access token by making a request to the YouCan API.
  4. Making Authenticated Requests: With the access token, the app can make requests to the YouCan API and access the store's data as allowed by the scopes granted during authorization.
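Steps 1 to 3 above, sketched in TypeScript as an added example (not code from YouCan or from the app this page describes). The endpoint URLs, credentials and scope name are constructed placeholders, and the `state` check and token-request fields follow standard OAuth 2.0 (RFC 6749) rather than anything this page specifies.

```typescript
import { randomBytes, timingSafeEqual } from "node:crypto";

// Hypothetical shape: the page gives no endpoint URLs or credentials, so every
// value below is a constructed placeholder to be replaced with the real ones.
interface OAuthConfig {
  authorizeUrl: string; tokenUrl: string;
  clientId: string; clientSecret: string;
  redirectUri: string; scopes: string[];
}
const SAMPLE_CONFIG: OAuthConfig = {
  authorizeUrl: "https://auth.example.invalid/oauth/authorize",
  tokenUrl: "https://auth.example.invalid/oauth/token",
  clientId: "example-client-id", clientSecret: "example-client-secret",
  redirectUri: "https://app.example.invalid/auth/callback", scopes: ["example-scope"],
};

// Step 1: redirect target for the authorization screen, bound to a fresh random
// state that the app stores server-side for this merchant's browser session.
function buildAuthorizationUrl(cfg: OAuthConfig): { url: string; state: string } {
  const state = randomBytes(32).toString("hex");
  const u = new URL(cfg.authorizeUrl);
  u.search = new URLSearchParams({
    response_type: "code", client_id: cfg.clientId, redirect_uri: cfg.redirectUri,
    scope: cfg.scopes.join(" "), state,
  }).toString();
  return { url: u.toString(), state };
}

// Step 2: accept the callback only if it carries the state issued in step 1;
// this rejects forged callbacks before the code or error is even looked at.
function readAuthorizationCode(callbackUrl: string, expectedState: string): string {
  const params = new URL(callbackUrl).searchParams;
  const got = Buffer.from(params.get("state") ?? "");
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error("state mismatch");
  }
  const error = params.get("error");
  if (error) throw new Error(`authorization denied: ${error}`);
  const code = params.get("code");
  if (!code) throw new Error("missing authorization code");
  return code;
}

// Step 3: the server-to-server token request; the client secret never reaches the browser.
function buildTokenRequest(cfg: OAuthConfig, code: string) {
  const body = new URLSearchParams({
    grant_type: "authorization_code", code, redirect_uri: cfg.redirectUri,
    client_id: cfg.clientId, client_secret: cfg.clientSecret,
  });
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };
  return { url: cfg.tokenUrl, method: "POST", headers, body: body.toString() };
}
```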

Session Management

Once the OAuth flow is complete, we use the session information (including encoded tokens containing store ID and seller ID) to create a session.

The authentication middleware within the app (authenticate.global.ts and authenticate.ts) handles the validation of the session.
