OAuth2 Token

Type: POST

End Point: /api/oauth2/Token

Description:

- Send a GET request to /api/oauth2 locally. The server responds with the response to a GET request to the passed redirect_uri, which also contains a code parameter.
- Using the returned code, locally issue a POST request to this endpoint with the same params as sent to /api/oauth2, plus a client_secret, the returned code, "grant_type": "authorization_code", and optionally a userid (only if authenticating as a user).
- The response will contain an access_code if the process went smoothly. This can then be used in the request headers, like "Authorization": f"Bearer {access_code}", "Accept": "application/json", in order to access the protected API endpoints.
- NOTE: if the POST request was made with a valid userid, this access token will work for all the protected endpoints. If not, it will only allow access to /api/Users/ListUsers.
- This process must first be invoked (also starting with the process for the /api/oauth2 endpoint) to get the token for generic access (without passing a userid). Using the access_token received in that response, one can then invoke the process again with that access token in the request headers and the valid userid in order to get the user-specific access token (which should then be used exclusively as the bearer token instead of the previously used generic token).

Parameters: No parameters

  1. To get generic access token
     - Params:
       - client_id
       - client_secret
       - "grant_type": "authorization_code"
       - code (from earlier call to /api/oauth2)
       - response_uri
     - Headers: Not Necessary
     - Response Data:
       - access_token: the generic access token to use in the headers for listing users or getting the user-specific access token

  2. To get user-specific access token
     - Params:
       - client_id
       - client_secret
       - "grant_type": "authorization_code"
       - code (from earlier call to /api/oauth2)
       - response_uri
       - userid (a valid id of an existing & authorized user)
     - Headers:
       - "Authorization": f"Bearer {access_code}", "Accept": "application/json"
     - Response Data:
       - access_token: the user-specific access token to use for any other endpoint
     - Note: Once retrieved, the headers for any other endpoint should contain "Authorization": f"Bearer {user_specific_access_code}", "Accept": "application/json", where user_specific_access_code is the access_token from this usage
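The two usages above chained into one client-side flow, as an added example that is not the project's own code. Assumptions: the params are sent form-encoded in the POST body, the response is JSON with an `access_token` field, each stage uses its own code from a prior call to /api/oauth2, and the base URL, helper names and sample values are hypothetical.

```python
import io
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/oauth2/Token"  # endpoint documented on this page

def bearer_headers(token):
    # Header pair the page prescribes for protected endpoints.
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}

def build_token_request(base_url, creds, code, userid=None, generic_token=None):
    """Build the POST for usage 1 (no userid) or usage 2 (userid + generic token)."""
    if (userid is None) != (generic_token is None):
        raise ValueError("usage 2 needs both userid and the generic token")
    params = dict(creds, grant_type="authorization_code", code=code)
    headers = {}
    if userid is not None:
        params["userid"] = userid
        headers = bearer_headers(generic_token)
    # Assumption: form-encoded body, which keeps client_secret out of URLs and URL logs.
    body = urllib.parse.urlencode(params).encode()
    url = base_url.rstrip("/") + TOKEN_PATH
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def fetch_token(request, opener=urllib.request.urlopen):
    # Assumption: the response is JSON carrying an "access_token" field.
    with opener(request) as resp:
        return json.load(resp)["access_token"]

def user_api_headers(base_url, creds, generic_code, user_code, userid,
                     opener=urllib.request.urlopen):
    """Run both usages; return headers carrying only the user-specific token."""
    generic = fetch_token(build_token_request(base_url, creds, generic_code), opener)
    user = fetch_token(
        build_token_request(base_url, creds, user_code, userid, generic), opener)
    return bearer_headers(user)

def demo():
    # Constructed stand-in for the server so the flow runs offline.
    sent, replies = [], iter(["generic-tok", "user-tok"])
    def fake_opener(req):
        sent.append(req)
        return io.BytesIO(json.dumps({"access_token": next(replies)}).encode())
    creds = {"client_id": "demo-client", "client_secret": "demo-secret",
             "response_uri": "https://client.example/callback"}
    headers = user_api_headers("https://api.example", creds, "code-1", "code-2",
                               "42", fake_opener)
    return sent, headers
```

The generic token never leaves `user_api_headers`, so callers can only send the user-specific token to other endpoints.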
