OAuth2 for iPhone and iPad applications

  • A client requests access to a provider’s service using its own unique client ID and secret token.
  • The user logs into the service directly (using a web page on the provider’s server) and grants the client permission to access.
  • The provider redirects the user to a URL unique to the client passing along a verification code in the query string.
  • The client verifies the authorization request and uses the verification code from step 3 to obtain an access token.
  • The client may periodically refresh the access token when it expires.

Source: OAuth2 for iPhone and iPad applications