WP4: Infrastructure
Space shortcuts
Page tree

Versions Compared

Old Version 14

changes.mady.by.user Dario Vischi

Saved on

compared with

New Version 15

changes.mady.by.user Dario Vischi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Depending on the use-case oAuth2 provides four authentication methods, or grant types, which are given in the following table. Hereby, an application, called client, can request an access token for a specific scope which is

Method

Description

Parameters

Parameter

Example

Authorization CodeAn end-user authorizes a specific client for a set of resources. The application can then request the corresponding access token provided by the end-user.
Column
width250px
scopelist of strings
codegrant's unlock code
client_idclient's ID
redirect_uriclient's URL*
Column
width450px

Request:
http://localhost:8002/oauth/token?grant_type=authorization_code
    &scope=read
    &code=1234
    &client_id=1234
    &redirect_uri=http://localhost:8002/ui

Response:
{
    "token_type": "Bearer",
    "version": "1.0.0",
    "access_token": "LLL7SFMWkE6BcNc6M4dXHQXJ3UINTz",
    "scope": "read",
    "expires_in": 86400,
    "refresh_token": "uC5FRcq1MsITDfMb1fQlPLQO7RhuxH"
}

Client CredentialsGiven, a client is owner of a set of resources it can request a corresponding access token itself.
scope
:
list of strings
client_id
:
client's ID
client_secret
:
client's authentication code

Request:
http://localhost:8002/oauth/token?grant_type=client_credentials
    &scope=read
    &client_id=1234
    &client_secret=abcd

Response:
{
    "access_token": "wCPvIbuZoVp589eIczfmkNI1a8i5Ym",
    "token_type": "Bearer",
    "version": "1.0.0",
    "expires_in": 86400,
    "scope": "read"
}

Password

Clients are grouped into public and confidential clients. Hereby, a 'confidential' clients is allowed to request an access token in the name of an end-user.

scope
:
list of strings
client_id
:
client's ID
username
:
end-user's name
password
:
end-user's password

Request:
http://localhost:8002/oauth/token?grant_type=password
    &scope=read
    &client_id=1234
    &username=TestUser1
    &password=1234

Response:
{
    "token_type": "Bearer",
    "version": "1.0.0",
    "access_token": "zOJ5avH29S1gALoT2ogcjdpelR2HSF",
    "scope": "read",
    "expires_in": 86400,
    "refresh_token": "DGdSeoxPJDRFH4ZXzQwCJ6xZDX6F26"
}

Refresh TokenAccess tokens expire after a certain period. To expand a valid access token a client can request a new access token using a refresh token obtained with the old one.
scope
:
list of strings
client_id
:
client's ID
refresh_token
:
valid refresh token

Request:
http://localhost:8002/oauth/token?grant_type=refresh_token
    &scope=read
    &client_id=1234
    &refresh_token=DGdSeoxPJDRFH4ZXzQwCJ6xZDX6F26

Response:
{
    "token_type": "Bearer",
    "version": "1.0.0",
    "access_token": "OWLwWDpL2QDWKAHN8qWC7eBwqjKjs9",
    "scope": "read",
    "expires_in": 86400,
    "refresh_token": "IAFzNvlB7bAcU3TUZpdJxxkLEf8Kbv"
}

...