< Back to Manuals


In case your application has no backend (or server), then you need to create a client which uses the OAuth 2.0 Implicit Grant flow.

OAuth 2.0 Implicit Grant Flow

The Implicit grant flow is of a very similar nature to the authorization code grant, with the only difference being that the server returns the access token instead of the auth token once the user is redirected.

OAuth 2.0 Implicit Grant Flow

As indicated above, this flow can be broken into the following steps:

  1. Since there is no backend in your application, user authorization is handled by Playoff. The use needs to login with with his Playoff account.

  2. The user is redirected from your application to Playoff's authorization endpoint.

  3. Here, the user logs into their Playoff account and are shown an authorization prompt to authorize your application to use their Playoff credentials.

  4. The user can decide to either grant or deny your application permission. Let us assume permission is granted.

  5. The user is redirected to the redirect URI (provided by you) along with an access token, which can be used by your app to access the user's resources.

Creating the Client

To create a client, head over to your app and navigate to Menu > Develop > Clients. There, add a new client and in the client page, select

  • No for the first question (Should API calls be made from the backend?)
  • No for the second (Has own login login system?)

    Creating an Implicit Grant flow client

You will need to enter a client name and choose if it is a test client. In a test client, all activity will happen in staging, so that your can safely test your client without worrying about data in production.

The client scopes decide what parts of the API does this client have access to. Be default, the client has access to only Player Runtime routes.


Since this type of client resides in the browser, you have to use the Playoff Javascript SDK.