The documentation walks you through it step by step.
Essentially, it breaks down to:
- Send the user to the auth URL in their browser.
- The user will see a screen showing the name of your app and what permissions you’re requesting.
- The user accepts those permissions and is sent back to your Redirect URI.
- If you’re using the Auth Code flow, you’ll have a code that your server can exchange for that users token. If you’re using the Implicit flow the user will have the token in the URL hash which they can use on your site.