Debugging token

You can use debugging tokens to test applications that use OAuth. Debugging tokens are obtained by opening oauth.yandex.com in a browser with the necessary parameters. Debugging tokens, like any other tokens, can always be revoked.

To get a token manually:

  1. When registering or editing an application, click Set URL for development in the Callback URL field.
  2. Log in on Yandex with the user account that the application will be working on behalf of, then click the link that looks like this:
    https://oauth.yandex.com/authorize?response_type=token&client_id=<application ID>

    The ID is available in the application properties (click the name of the application to open its properties).

  3. On the page that opens, click the Confirm button to grant access to your account. You do not need to grant access if a token has already been issued for this application and it has not expired yet.

The OAuth server will redirect you to the address from the Callback URL field, appending the token data after the # symbol:

http://www.example.com/token#
   access_token=<new OAuth token>
 & expires_in=<token lifespan in seconds>
Parameter Description
access_token

The OAuth token with the requested permissions, or with the permissions specified when registering the application.

expires_in

The token lifespan in seconds.

If the token could not be issued, the OAuth server appends an error code to the address:

http://www.example.com/token#
  error=<error code>

Possible error codes:

  • access_denied — The user denied the application access.
  • unauthorized_client — The application was rejected during moderation, or moderation is pending. This code is also returned if the application is blocked.