Confused about OAuth Authorization Flow - is this correct?


#1

Hey,
Second post here but this is unrelated to the other one.

We had a flow in mind when we started implementing Hydra in our app, and am not sure if we misinterpreted something.

-> ThirdPartyGame creates an OAuth client on MyAPI using an endpoint we expose to them, which on our side registers the client in Hydra
-> User goes to ThirdPartyGame and clicks Login with MyApp
-> ThirdPartyGame somehow generates a URL (Question: how? what should this URL be? do we need to expose some endpoint on our side for this?)
-> Somehow, User gets redirected to MyApp which shows a login form
-> User logs in and MyAPI authenticates the login and lets Hydra know the user logged in
-> User gets redirected to consent URL on MyApp and chooses to give certain permissions, which then MyAPI sends back to Hydra
-> User is redirected to ThirdPartyGame

I am struggling with what the RedirectUris should be for the Clients, and how do they start the flow in the first place?