Hi @vnihoul77
That’s exactly what I did!
And I noticed that some people don’t use the OAuth2 User-Agent Flow but the API call for “Authorize” and the API call for “Token”.
Ex: https://api.gumroad.com/oauth/token
So that’s what I did.
I put a “connect Gumroad” button that redirects to the authorization URL. Then I get the token with the link above.
It works, but once I’m authenticated, it stays in memory, and even the other users see my data rather than theirs… Do you know where the data is stored in this case? (gumroad id, gumroad email, access-token…). Because I would like this data to be clear for the other user.
And yes I tried with Postman first and it helped me a lot 