WP4: Infrastructure
Space shortcuts
Page tree

Versions Compared

Old Version 13

changes.mady.by.user Dario Vischi

Saved on

compared with

New Version 14

changes.mady.by.user Dario Vischi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

MethodDescriptionParametersExample
Authorization CodeAn end-user authorizes a specific client for a set of resources. The application can then request the corresponding access token provided by the end-user.
scope
:
list of strings
code
:
grant's unlock code
client_id
:
client's ID
redirect_uri
:
client's URL*

Request:
http://localhost:8002/oauth/token?grant_type=authorization_code
    &scope=read
    &code=1234
    &client_id=1234
    &redirect_uri=http://localhost:8002/ui

Response:
{
    "token_type": "Bearer",
    "version": "1.0.0",
    "access_token": "LLL7SFMWkE6BcNc6M4dXHQXJ3UINTz",
    "scope": "read",
    "expires_in": 86400,
    "refresh_token": "uC5FRcq1MsITDfMb1fQlPLQO7RhuxH"
}'

Client CredentialsGiven, a client is owner of a set of resources it can request a corresponding access token itself.

scope: list of strings
client_id: client's ID
client_secret: client's authentication code

Request:
http://localhost:8002/oauth/token?grant_type=client_credentials
    &scope=read
    &client_id=1234
    &client_secret=abcd

Response:
{
    "access_token": "wCPvIbuZoVp589eIczfmkNI1a8i5Ym",
    "token_type": "Bearer",
    "version": "1.0.0",
    "expires_in": 86400,
    "scope": "read"
}

Password

Clients are grouped into public and confidential clients. Hereby, a 'confidential' clients is allowed to request an access token in the name of an end-user.

scope: list of strings
client_id: client's ID
username: end-user's name
password: end-user's password

Request:
http://localhost:8002/oauth/token?grant_type=password
    &scope=read
    &client_id=1234
    &username=TestUser1
    &password=1234

Response:
{
    "token_type": "Bearer",
    "version": "1.0.0",
    "access_token": "zOJ5avH29S1gALoT2ogcjdpelR2HSF",
    "scope": "read",
    "expires_in": 86400,
    "refresh_token": "DGdSeoxPJDRFH4ZXzQwCJ6xZDX6F26"
}

Refresh TokenAccess tokens expire after a certain period. To expand a valid access token a client can request a new access token using a refresh token obtained with the old one.

scope: list of strings
client_id: client's ID

refresh_token: valid refresh token

Request:
http://localhost:8002/oauth/token?grant_type=refresh_token
    &scope=read
    &client_id=1234
    &refresh_token=DGdSeoxPJDRFH4ZXzQwCJ6xZDX6F26

Response:
{
    "token_type": "Bearer",
    "version": "1.0.0",
    "access_token": "OWLwWDpL2QDWKAHN8qWC7eBwqjKjs9",
    "scope": "read",
    "expires_in": 86400,
    "refresh_token": "IAFzNvlB7bAcU3TUZpdJxxkLEf8Kbv"
}

* The redirect_uri is validated by oAuth2 due open redirection vulnerabilities. (see previous section)

...