In the Authorization Code grant type, the user authenticates with the resource server and gives the app consent to access protected resources without exposing their username and password to the client app.
The authorization request is sent to the authorization endpoint to obtain an authorization code, which the client then exchanges at the token endpoint for an access token.
Step 1: Configure the OAuth Authorization End Point policy, then enter the following parameter values in Postman and click Send to obtain the authorization code:
- Method: GET.
- URL: Project proxy URL.
- Query Parameters:
  - response_type: Must be set to code.
  - client_id: The client identifier assigned by the authorization server when the client was registered (displayed as "Consumer Key" for the corresponding product subscribed to by the client).
  - redirect_uri: The redirect URI registered by the client.
  - scope: The scope, or list of permissions, being requested. This parameter is OPTIONAL. Example: READ,WRITE. This list must be a subset of the scopes granted in the client subscription.
URI (screenshot): the request used to obtain the oauth_code.
Sample request/response (screenshot): the response to the URI above.
Step 2: Configure the OAuth Token End Point policy, then enter the following parameter values in Postman and click Send to obtain the access token:
- Method: POST.
- URL: Project proxy URL.
- Headers:
  - Content-Type: application/x-www-form-urlencoded
- Query Parameters:
  - client_id: The client identifier assigned by the authorization server when the client was registered (displayed as "Consumer Key" for the corresponding product subscribed to by the client).
  - client_secret: The client's password with which it was registered (displayed as "customer-secret" for the corresponding product subscribed to by the client).
  - grant_type: Must be set to authorization_code.
  - code: The authorization code received from the authorization server at the end of Step 1.
  - redirect_uri: The redirect URI registered by the client. This value must be identical to the redirect_uri query parameter sent in Step 1 to obtain the authorization code.
  - scope: The scope, or list of permissions, being requested. This parameter is OPTIONAL. Example: READ,WRITE. This list must be a subset of both the scopes requested in Step 1 when obtaining the code and the scopes granted in the client subscription. Refer to the Obtaining Access Token with Scope section for how to use this option.
URI (screenshot): the request used to obtain the OAuth access token.
Sample request/response (screenshot): the response to the URI consists of an access token, the time for which the token is valid, and a refresh token. When a valid request is sent, the response is as shown below.
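The two-step exchange above, worked through end to end, as an added example rather than the gateway's own code. The AuthServer class is a constructed in-memory stand-in for the gateway's authorization and token endpoints, and the proxy URL, consumer key, consumer secret, redirect URI and scopes are made-up sample values. It enforces the checks the steps describe: the redirect_uri must match the registered one and be repeated unchanged at Step 2, the scope must be a subset of the subscription and then of the Step 1 scopes, the client secret is required at Step 2, and an authorization code is single use.

```python
"""Worked example of the Authorization Code flow: Step 1 (code) then Step 2 (token).
Added illustration with a constructed in-memory authorization server; all
credentials, URLs and scopes below are sample values, not real configuration."""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed registration record: what the gateway holds after the client subscribed.
REGISTERED_CLIENTS = {
    "sample-consumer-key": {
        "secret": "sample-consumer-secret",
        "redirect_uri": "https://client.example/callback",
        "scopes": {"READ", "WRITE"},   # scopes granted by the subscription
    }
}
PROXY_URL = "https://gateway.example/sample-project"   # assumed project proxy URL


def build_authorization_url(client_id, redirect_uri, scope=None):
    """Step 1 request: GET <proxy>?response_type=code&client_id=...&redirect_uri=...[&scope=...]"""
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri}
    if scope:
        params["scope"] = ",".join(scope)   # comma-separated list, e.g. READ,WRITE
    return f"{PROXY_URL}?{urlencode(params)}"


class AuthServer:
    """Minimal stand-in for the authorization endpoint (Step 1) and token endpoint (Step 2)."""

    def __init__(self):
        self._codes = {}   # code -> (client_id, redirect_uri, scopes issued for that code)

    def authorize(self, url):
        """Step 1: validate the query parameters and issue a one-time authorization code."""
        q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        client = REGISTERED_CLIENTS.get(q.get("client_id"))
        if client is None or q.get("response_type") != "code":
            return {"error": "invalid_request"}
        if q.get("redirect_uri") != client["redirect_uri"]:
            return {"error": "invalid_request"}   # only the registered redirect URI is accepted
        scopes = set(q["scope"].split(",")) if q.get("scope") else client["scopes"]
        if not scopes <= client["scopes"]:
            return {"error": "invalid_scope"}     # must be a subset of the subscription's scopes
        code = secrets.token_urlsafe(24)
        self._codes[code] = (q["client_id"], q["redirect_uri"], scopes)
        return {"code": code}

    def token(self, form):
        """Step 2: exchange the code (plus client credentials) for an access token."""
        client = REGISTERED_CLIENTS.get(form.get("client_id"))
        if client is None or not secrets.compare_digest(form.get("client_secret", ""), client["secret"]):
            return {"error": "invalid_client"}
        if form.get("grant_type") != "authorization_code":
            return {"error": "unsupported_grant_type"}
        issued = self._codes.pop(form.get("code"), None)   # pop: a code can be redeemed once
        if issued is None:
            return {"error": "invalid_grant"}
        code_client, code_redirect, code_scopes = issued
        if code_client != form["client_id"] or form.get("redirect_uri") != code_redirect:
            return {"error": "invalid_grant"}     # redirect_uri must equal the Step 1 value
        scopes = set(form["scope"].split(",")) if form.get("scope") else code_scopes
        if not scopes <= code_scopes:
            return {"error": "invalid_scope"}     # subset of the Step 1 scopes (and so of the subscription)
        return {
            "access_token": secrets.token_urlsafe(32),
            "token_type": "Bearer",
            "expires_in": 3600,                   # assumed token lifetime in seconds
            "refresh_token": secrets.token_urlsafe(32),
            "scope": ",".join(sorted(scopes)),
        }


def run_flow(server, scope=("READ",)):
    """Drive Step 1 and Step 2 for the sample client; return the token response or the first error."""
    url = build_authorization_url("sample-consumer-key", "https://client.example/callback", scope)
    step1 = server.authorize(url)
    if "code" not in step1:
        return step1
    return server.token({
        "client_id": "sample-consumer-key",
        "client_secret": "sample-consumer-secret",
        "grant_type": "authorization_code",
        "code": step1["code"],
        "redirect_uri": "https://client.example/callback",
        "scope": ",".join(scope),
    })


if __name__ == "__main__":
    print(run_flow(AuthServer()))            # access_token, token_type, expires_in, refresh_token, scope
```

Calling run_flow(AuthServer()) returns a token response shaped like the Step 2 response described above (access token, validity period, refresh token). The same server rejects a second redemption of the same code, a redirect_uri that differs from the registered one, and a token-request scope wider than what was requested in Step 1.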