Getting access tokens with the authorization code grant
Instructions for getting access tokens with the authorization code grant flow.
Log in as admin in Swagger UI
- Select Authorize.
- Enter the following values in the form:

      Key            Value
      client_id      admin-swagger
      client_secret  n8HF35qzZkmsukHJzzz9LnN8m9Mf97uq

- Select Authorize.
- Select Close.
Create the client
- Select the POST /api/admin/{tid}/clients API.
- Select Try it out.
- Enter default as tid (tenant ID).
- Use the following JSON as the body:

      {
        "authorization_server_id": "default",
        "client_id": "client",
        "client_secret": "wPeimtcljkdBeG19Xc3OXD41iZo0zxdg",
        "client_name": "My app",
        "grant_types": [ "authorization_code" ],
        "redirect_uris": [ "https://example.com/callback" ],
        "response_types": [ "token", "id_token", "code" ],
        "scopes": [ "email", "openid" ]
      }

- Select Execute.
Make the authorize request
- Your application redirects the browser to the following URL:

      https://localhost:8443/default/default/oauth2/authorize?client_id=client&scope=openid&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&response_type=code

- The user authenticates and approves access to the data on the consent page.

Note
To test the authentication, you can use the user:user credentials.
Exchange the authorization code
- Once the user has granted access to the application, the authorization server redirects to the requested redirect_uri with the authorization code in the query parameter.

      https://example.com/callback?code=Rl1OCBIpNH5h1VCmKS0GA5wC2fIHGw9nh6i3vc8ijPE

- Your application exchanges the authorization code for the access and ID tokens. The -k option makes curl skip TLS certificate verification for the local test server; omit it against a server with a trusted certificate.

      curl -X POST -k https://localhost:8443/default/default/oauth2/token \
        -u "client:wPeimtcljkdBeG19Xc3OXD41iZo0zxdg" \
        -H "Content-type: application/x-www-form-urlencoded" \
        -d "grant_type=authorization_code&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback&code=Rl1OCBIpNH5h1VCmKS0GA5wC2fIHGw9nh6i3vc8ijPE"

  Expected response

      {
        "access_token": "..",
        "expires_in": 3600,
        "id_token": "..",
        "scope": "openid",
        "token_type": "bearer"
      }
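
The authorize request and code exchange above, sketched from the application side as an added example (not code from the original page or the product). It goes beyond the page by adding the RFC 6749 `state` parameter so the callback can be tied to the browser session that started the flow. It assumes the server echoes `state` back on the redirect as the RFC requires; the function names, the sample code value and the placeholder secret are hypothetical.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint, client and redirect values from this page's local test setup.
ISSUER = "https://localhost:8443/default/default"
CLIENT_ID = "client"
REDIRECT_URI = "https://example.com/callback"


def build_authorize_url(state):
    """The page's authorize request plus the RFC 6749 `state` parameter."""
    params = {"client_id": CLIENT_ID, "scope": "openid", "redirect_uri": REDIRECT_URI,
              "response_type": "code", "state": state}
    return f"{ISSUER}/oauth2/authorize?{urlencode(params)}"


def code_from_callback(callback_url, expected_state):
    """Return the code; reject error, wrong-endpoint or mismatched-state callbacks."""
    cb = urlsplit(callback_url)
    if f"{cb.scheme}://{cb.netloc}{cb.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect_uri")
    query = parse_qs(cb.query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code, client_secret):
    """URL, headers and form body equivalent to the curl command on this page."""
    basic = base64.b64encode(f"{CLIENT_ID}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "redirect_uri": REDIRECT_URI, "code": code}
    return f"{ISSUER}/oauth2/token", headers, urlencode(form)


if __name__ == "__main__":
    state = secrets.token_urlsafe(32)  # keep in the user's session before redirecting
    print(build_authorize_url(state))
    callback = f"{REDIRECT_URI}?code=SAMPLE_CODE&state={state}"  # constructed sample
    print(build_token_request(code_from_callback(callback, state), "PLACEHOLDER_SECRET"))
```

The token request is only constructed, not sent, so the block runs without the test server.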