Authentication
The Digitail API uses the OAuth 2.0 standard for authentication, specifically the Authorization Code Grant with PKCE.
OAuth 2.0 Authorization Code Grant with PKCE offers robust security features suitable for protecting sensitive clinic information:
- Enhanced Security: PKCE mitigates authorization code interception and replay attacks by adding a verification step (the code_verifier / code_challenge pair) to the authentication process.
- User Consent: OAuth 2.0 ensures that users explicitly grant permission for applications to access their data, maintaining privacy and compliance with regulations.
- Simplified Integration: OAuth 2.0 is widely supported across programming languages and platforms, so developers can integrate with ease.
Integrating with the Digitail API involves the following steps:
- Implement OAuth 2.0 Flow: Follow the OAuth 2.0 Authorization Code Grant with PKCE flow to authenticate your application and obtain access tokens.
- Access Data: Utilize the access token to make authorized requests to Digitail API endpoints and retrieve clinic data.
You can add the retrieved access token directly in the documentation page to try out the endpoints more easily.
Generate the code_verifier, code_challenge and state values. These values protect the integrity and security of the access_token exchange that follows. code_verifier must be a cryptographically random string of lowercase and uppercase letters, digits and the punctuation characters -._~, between 43 and 128 characters long. code_challenge is the base64url encoding of the SHA-256 hash of the code_verifier. state is a randomly generated, URI-encoded string used by your app to protect yourself against CSRF attacks; you compare it against the value echoed back in the response to verify the response's integrity.
Store the code_verifier and state values locally.
More information here.
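The generation step above, and the state check performed when Digitail redirects back to the callback URL, as an added example (not Digitail's own code). The function names are assumptions; the verifier alphabet and length bounds are the ones the page specifies.

```python
import base64
import hashlib
import hmac
import secrets
import string
from urllib.parse import quote

# The only characters permitted in a code_verifier: letters, digits and -._~
VERIFIER_ALPHABET = string.ascii_letters + string.digits + "-._~"


def generate_code_verifier(length: int = 64) -> str:
    """Cryptographically random code_verifier, 43..128 characters long."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier must be between 43 and 128 characters")
    return "".join(secrets.choice(VERIFIER_ALPHABET) for _ in range(length))


def is_valid_code_verifier(verifier: str) -> bool:
    """Check length and alphabet before sending a challenge derived from it."""
    return 43 <= len(verifier) <= 128 and set(verifier) <= set(VERIFIER_ALPHABET)


def code_challenge_from_verifier(verifier: str) -> str:
    """code_challenge = base64url(SHA-256(code_verifier)) with '=' padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def generate_state() -> str:
    """Random CSRF token, URI-encoded so it can be placed directly in the redirect URL."""
    return quote(secrets.token_urlsafe(32), safe="")


def verify_callback_state(stored_state: str, returned_state: str) -> bool:
    """Constant-time comparison of the stored state with the one in the callback URL."""
    return hmac.compare_digest(stored_state, returned_state)


if __name__ == "__main__":
    # Store verifier and state locally; send challenge and state on the redirect.
    verifier = generate_code_verifier()
    challenge = code_challenge_from_verifier(verifier)
    state = generate_state()
    print("code_challenge:", challenge)
    print("state:", state)
```

The challenge function reproduces the RFC 7636 test vector: verifier dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk yields challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM.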
From your software, add a "Connect with Digitail" button that redirects the user to the following URL:
Digitail will prompt the user for authentication.
The user authenticates and consents to giving access to the specified data.
Digitail will redirect back to the callback URL with the auth code and state parameters in the URL. Verify that the returned state matches the one you stored before continuing.
The code is valid for only 10 minutes and should be used immediately to request an access_token.
Request an access_token by sending the following POST request:
Digitail will respond with the payload: