Steps for logging in via Yandex

General steps for using Yandex to authenticate a user on your website:

  1. On the website, a Yandex user clicks a button to log in via Yandex.

    The website, which has enabled the Yandex.Passport API, redirects the user to Yandex.OAuth and requests access to specific account data on Yandex.

  2. The user grants access to personal data.

    The website gets an OAuth access token that grants permission to request this user's email addresses.

  3. The website sends a request to the Yandex.Passport API specifying the obtained token.

    The website receives the user's unique ID and the list of email addresses. The response format is described in the section Response format and content.

    Note. To send a request to the Yandex.Passport API, you may use an OAuth token with permissions to access any of the Yandex services (Yandex.Fotki, Yandex.Disk, and so on). However, only tokens with permissions from the Yandex.Passport API section provide access to user data.
  4. The site authenticates the user, using the content and settings that are assigned to this ID.

This enables a Yandex user to obtain an account on a website and get authenticated on the site, without having to create a new account.