OAuth2 Token
Type: POST
End Point: /api/oauth2/Token
Description:
- /api/oauth2 is sent a GET request locally, to which the server responds with the response to a GET request to the passed redirect_uri, which also contains a code parameter.
- Using the returned code, locally issue a POST request to this endpoint with the same params as to /api/oauth2, as well as a client_secret, the returned code, "grant_type": "authorization_code", and optionally a userid (only if authenticating as user).
- The response will contain an access_code if the process went smoothly. This can then be used in the request headers, like "Authorization": f"Bearer {access_code}", "Accept": "application/json", in order to access the protected API endpoints.
- NOTE: if the POST request was made with a valid userid, this access token will work for all the protected endpoints. If not, it will only allow access to /api/Users/ListUsers.
- This process must first be invoked (also starting with the process for the /api/oauth2 endpoint) to get the token for generic access (without passing a userid). Using the received access_token from that response, one can then invoke the process again, using that access token in the request headers together with the valid userid, in order to get the user-specific access token (which should then be used exclusively as the bearer token instead of the previously used generic token).
Parameters: No parameters
To get generic access token
- Params:
  - client_id
  - client_secret
  - "grant_type": "authorization_code"
  - code (from earlier call to /api/oauth2)
  - response_uri
- Headers: Not Necessary
- Response Data:
  - access_token : the generic access token to use in the headers for listing users or getting the user-specific access token
To get user-specific access token
- Params:
  - client_id
  - client_secret
  - "grant_type": "authorization_code"
  - code (from earlier call to /api/oauth2)
  - response_uri
  - userid (a valid id of an existing & authorized user)
- Headers:
  - "Authorization": f"Bearer {access_code}", "Accept": "application/json"
- Response Data:
  - access_token : the user-specific access token to use for any other endpoint
  - Note: Once retrieved, the headers for any other endpoint should contain "Authorization": f"Bearer {user_specific_access_code}", "Accept": "application/json", where user_specific_access_code is the access_token from this call
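The two-step exchange described above, as an added Python example that is not part of the original documentation. The callables get_code (performs the /api/oauth2 step and returns a code) and post are hypothetical, and sending the params as a form-encoded body is an assumption, since the page does not say how they are transmitted.

```python
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/oauth2/Token"  # endpoint documented on this page

def token_request(client_id, client_secret, code, response_uri, userid=None, bearer=None):
    """Build (params, headers) for one POST to the token endpoint."""
    params = {"client_id": client_id, "client_secret": client_secret,
              "grant_type": "authorization_code", "code": code,
              "response_uri": response_uri}
    headers = {}
    if userid is not None:
        # The user-specific call must carry the generic token as bearer.
        if not bearer:
            raise ValueError("userid requires the generic access token")
        params["userid"] = userid
        headers = {"Authorization": f"Bearer {bearer}", "Accept": "application/json"}
    return params, headers

def extract_token(response):
    """Fail closed if the response carries no usable access_token."""
    token = response.get("access_token") if isinstance(response, dict) else None
    if not isinstance(token, str) or not token:
        raise RuntimeError("token endpoint returned no access_token")
    return token

def fetch_user_token(get_code, post, client_id, client_secret, response_uri, userid):
    """Run both steps and return only the user-specific token."""
    # Step 1: generic token (no userid, no headers).
    params, headers = token_request(client_id, client_secret, get_code(), response_uri)
    generic = extract_token(post(params, headers))
    # Step 2: new code from /api/oauth2, generic token as bearer, plus userid.
    params, headers = token_request(client_id, client_secret, get_code(),
                                    response_uri, userid=userid, bearer=generic)
    return extract_token(post(params, headers))

def http_post(base_url):
    """Assumed transport: params go in a form-encoded POST body, never in the URL."""
    def post(params, headers):
        body = urllib.parse.urlencode(params).encode()
        req = urllib.request.Request(base_url + TOKEN_PATH, data=body,
                                     headers=headers, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return post
```

fetch_user_token returns only the user-specific token, so the generic token never leaves the function and cannot be reused as a bearer by mistake.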