Your app must initiate a redirect to an endpoint which will display the login dialog: This parameter should be used for preventing Cross-site Request Forgery and will be This will return control flow back to your app with an access token on . by undoing whatever login status indicator you added, for example deleting the .