User's Perspective
The OAuth flow aims to achieve a very simple goal:
Confirming that the user wants external application X to have access to data Y
There are two ways to start this flow:
- From within Noona HQ (App Store)
- From external application (Traditional OAuth approach)
- App Store
- External Application
![](/docs/assets/images/app_store-e70a7aeb05ec3b9b77d3bb2141e422c8.png)
User clicks install
![](/docs/assets/images/consent-27a5575cb7a286d078cf5f771b8a7b75.png)
User approves requested scopes
![](/docs/assets/images/app_info-dd9a8bc36e40fa39478eb2780bda2c9e.png)
User is redirected to app's landing page that shows information tailored to this specific user
![](/docs/assets/images/app_store_installed-a510cfdd40dbbd159c2f0d8501efa94c.png)
App is now enabled for user and he can navigate to it without having to give consent again
![](/docs/assets/images/noona_logo-11b19492838db55062d3162e3fb6c287.png)
User has external system open but it's not connected to his Noona account, user clicks button to authenticate with Noona HQ
![](/docs/assets/images/consent-27a5575cb7a286d078cf5f771b8a7b75.png)
User approves requested scopes
![](/docs/assets/images/app_info-dd9a8bc36e40fa39478eb2780bda2c9e.png)
User is redirected back to app that now shows information tailored to this specific user
![](/docs/assets/images/app_store_installed-a510cfdd40dbbd159c2f0d8501efa94c.png)
App is now enabled for user and he can navigate to it without having to give consent again
Super simple right?!