Set up an authorization server

Make sure that the authorization server meets the Yandex Dialogs requirements:

• Runs according to RFC.

• Processes required parameters, authenticates users, and generates an authorization code.

• After the user authenticates on the authorization server, the server redirects the OAuth app (the Alice app) to the URL: https://social.yandex.net/broker/redirect (redirection endpoint). In the request parameters, the server passes an authorization code and other parameters.

• The URL used to get the token can identify the OAuth application and generate an OAuth token (optionally also a refresh token) for the authorization code passed.

  The response length is limited to 5000 characters, and the length of the OAuth token or refresh token to 2048 characters. Token lifetime (the expires_in property) must be an integer between 1 and 4,294,967,296.

Instead of your own authorization server, you can use the Yandex ID API to authenticate Yandex users.

Next step → Link accounts

Useful links

• OAuth 2.0 specification

• OAuth implementation in Yandex