Terminology
A
Authorization code
A 16‑character string that the user provides in exchange for an OAuth token used for authorization. Learn more about the OAuth 2.0 protocol.
C
Client ID
A unique app ID. The ID can't be changed.
Client Secret
The app's secret key used to sign a JWT token that contains user information.
To get a new secret key, click Renew Client secret in your OAuth account. You can use the key renewal function if you need to limit access to the app in Yandex OAuth. After the renewal, the previous key stops working.
D
Debug token
You can test your apps with debug tokens. To get them, open Yandex OAuth in the browser with the required parameters. Debug tokens can be revoked.
H
Hostname
The address of the page that hosts the button or widget.
I
Instant authorization
An authorization technology that lets users log in to your app using their Yandex account:
- If the user is already logged in to their Yandex account on the current device, a widget or button will show their profile image and name. This means they can log in to your site using their Yandex account through the widget or custom button.
- If the user hasn't logged in to their Yandex account yet, they can log in through the widget or button.
L
LoginSDK
Includes libraries for iOS and Android that allow third-party mobile apps to enable OAuth user authorization via Yandex accounts.
O
OAuth 2.0
An authorization protocol that lets you encode the user ID, app ID, and set of permissions into a token (a sequence of characters).
OAuth app
Program, mobile app, or web service registered in Yandex OAuth.
OAuth token
A string that allows the app to access Yandex services on behalf of a specific user. In the context of protocol usage, OAuth token can be shortened to token.
Each OAuth token contains:
- ID of the account that can be accessed.
- ID of the app with access permissions.
- Set of permissions (actions available to the app).
Thus, the token shows what this app can do on behalf of a particular account.
R
Requested permissions
An action or set of actions on behalf of the user that are available over the OAuth protocol.
Yandex OAuth always specifies in its tokens the permissions chosen by the developer when registering or setting up the app. For the same OAuth app, you can't get two working tokens with different permissions at the same time.
Redirect URI
URL of the page the user will be redirected to after authorization. This page also receives the OAuth token.
The app may have multiple Redirect URI addresses. Different addresses can be used if the website allows authorization using different scenarios — for example, when you need to set up multiple environments or when you have a product ecosystem where a single client_id works across different apps.
Refresh token
An additional string issued with the OAuth token. You can use the refresh token to update your OAuth token. The OAuth token expires when user information needs to be updated or any missing permissions must be requested (when new ones are added).
S
Service verification
Account verification via Gosuslugi. If your account isn't verified, users will see a warning before granting your service access to their data.
Verifying your account gives you the following benefits:
- Get technical support for Yandex OAuth.
- Register more than 5 apps.
- Access additional user information.
- Connect to other Yandex APIs.