
The resource owner (an Odoo user) authorizes a Confluence application (the client) to obtain an access token.

We use the "authorization code" grant type.




RFC6749 3.1

https://tools.ietf.org/html/rfc6749#section-3.1

Authorization endpoint - used by the client to obtain authorization from the resource owner via user-agent redirection.

The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component ([RFC3986] Section 3.4), which MUST be retained when adding additional query parameters. The endpoint URI MUST NOT include a fragment component.

Since requests to the authorization endpoint result in user authentication and the transmission of clear-text credentials (in the HTTP response), the authorization server MUST require the use of TLS as described in Section 1.6 when sending requests to the authorization endpoint.

The authorization server MUST support the use of the HTTP "GET" method [RFC2616] for the authorization endpoint and MAY support the use of the "POST" method as well.



Request

4.1. Authorization Code Grant -> 4.1.1. Authorization Request

https://tools.ietf.org/html/rfc6749#section-4.1.1

The client constructs the request URI by adding the following parameters to the query component of the authorization endpoint URI using the "application/x-www-form-urlencoded" format.

Sample request (the URL is quoted so the shell does not treat "&" as a command separator; "-k" disables certificate verification and is only acceptable against a local test instance, since the authorization endpoint requires TLS):
curl -v -i -k -H "Authorization: OAuth" -X GET "https://example.com/orestapi/oauth2/authorization?response_type=code&client_id=CLIENT_ID&redirect_uri=URI&scope=read&state=STATE"
Item | Description | Notes
endpoint | /orestapi/oauth2/authorization | Endpoint for the OAuth2 authorization code grant authorization flow
http method | GET |
Header | authorization: OAuth |
Parameters | https://tools.ietf.org/html/rfc6749#section-4.1.1 |

Parameter | Description | Notes
response_type | REQUIRED. Value MUST be set to "code". | Always use "code"; it is a static value.
client_id | REQUIRED. The client (Confluence instance) identifier. | Created and stored during application linking.
redirect_uri | REQUIRED. x-www-form-urlencoded format. | REDIRECT_URI must match the setting for the APPLICATION: "The redirection endpoint URI MUST be an absolute URI as defined by [RFC3986] Section 4.3. The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component ([RFC3986] Section 3.4), which MUST be retained when adding additional query parameters. The endpoint URI MUST NOT include a fragment component."
scope | REQUIRED. The scope of the access request. |
state | REQUIRED. The value is included when redirecting the user-agent back to the client. | STATE is a control string that must be validated by the client.
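The following is an added example (not code from this page or from the Odoo/Confluence integration it describes) showing how a client would build the authorization request above and check the redirect that comes back. The endpoint path is the one from the page; the function names, the client callback URL and the "state" handling are assumptions for illustration. It retains an existing query component of the endpoint URI, rejects fragments, generates an unguessable state, and refuses a callback whose state does not match the one sent.

```python
import hmac
import secrets
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

# Authorization endpoint from the page; host is the page's example host.
AUTHORIZATION_ENDPOINT = "https://example.com/orestapi/oauth2/authorization"


def _check_uri(uri, name):
    """RFC 6749 3.1 / 3.1.2: absolute URI, no fragment component."""
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc:
        raise ValueError(f"{name} must be an absolute URI")
    if parts.fragment:
        raise ValueError(f"{name} must not include a fragment component")
    return parts


def build_authorization_request(client_id, redirect_uri, scope="read",
                                endpoint=AUTHORIZATION_ENDPOINT, state=None):
    """Return (request_url, state). The caller stores `state` in the user's
    session so the callback can be validated later (hypothetical client code)."""
    parts = _check_uri(endpoint, "authorization endpoint")
    _check_uri(redirect_uri, "redirect_uri")
    if state is None:
        # Unguessable control string; the client must verify it on the way back.
        state = secrets.token_urlsafe(32)
    # Existing query parameters of the endpoint MUST be retained (RFC 6749 3.1).
    query = parse_qsl(parts.query, keep_blank_values=True)
    query += [
        ("response_type", "code"),      # static value for the authorization code grant
        ("client_id", client_id),
        ("redirect_uri", redirect_uri),  # urlencode() applies x-www-form-urlencoded
        ("scope", scope),
        ("state", state),
    ]
    url = urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))
    return url, state


def extract_code_from_callback(callback_url, expected_state):
    """Validate the redirect back to the client and return the authorization code.
    Raises on an error response, a missing/mismatched state, or an ambiguous code."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise PermissionError(f"authorization denied: {query['error'][0]}")
    received = query.get("state", [None])[0]
    # Constant-time comparison; a mismatch means the response was not for this session.
    if received is None or not hmac.compare_digest(received.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


if __name__ == "__main__":
    url, state = build_authorization_request("CLIENT_ID", "https://client.example/cb")
    print(url)
    # Constructed callback the user-agent would deliver after the user approves:
    callback = f"https://client.example/cb?code=fsfsdfsdsd&state={state}"
    print(extract_code_from_callback(callback, state))
```

The state is compared before the code is looked at, so a response that was not initiated by this client session is dropped without ever touching the token endpoint.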



Response

4.1. Authorization Code Grant -> 4.1.2. Authorization Response

https://tools.ietf.org/html/rfc6749#section-4.1.2

If the resource owner grants the access request, the authorization server issues an authorization code and delivers it to the client by adding the following parameters to the query component of the redirection URI using the "application/x-www-form-urlencoded" format.

Sample response
{
 "code": "fsfsdfsdsd",
 "state": "fesfmsdpofmd89222"
}
Parent | Key | Value Type | Description | Notes
- | code | string | Generated by Odoo. Must be included later in a token request LINK. Not reusable (can be used once). | REQUIRED. The authorization code generated by the authorization server. The authorization code MUST expire shortly after it is issued to mitigate the risk of leaks. A maximum authorization code lifetime of 10 minutes is RECOMMENDED. The client MUST NOT use the authorization code more than once. If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously issued based on that authorization code. The authorization code is bound to the client identifier and redirection URI.
- | state | string | REQUIRED if the "state" parameter was present in the client authorization request. The exact value received from the client in the request. | The remote application should validate that state is the same as it was sent.
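The rules listed for "code" above (short lifetime, single use, binding to client_id and redirect_uri, revocation on reuse) are easiest to see as server-side logic. The block below is an added example written for this page; it is not Odoo's implementation and the class, method names and in-memory storage are assumptions. The clock is injectable so the 10-minute expiry can be exercised without waiting.

```python
import secrets
import time
from dataclasses import dataclass, field

# RFC 6749 4.1.2: a maximum authorization code lifetime of 10 minutes is RECOMMENDED.
CODE_LIFETIME_SECONDS = 600


@dataclass
class IssuedCode:
    client_id: str      # the code is bound to the client identifier ...
    redirect_uri: str   # ... and to the redirection URI it was issued for
    issued_at: float
    used: bool = False
    tokens: list = field(default_factory=list)  # access tokens minted from this code


class AuthorizationCodeStore:
    """Hypothetical in-memory store; a real server persists this and purges expired entries."""

    def __init__(self, now=time.time):
        self._now = now               # injectable clock (tests pass a fake)
        self._codes = {}
        self._issued_tokens = set()
        self._revoked_tokens = set()

    def issue(self, client_id, redirect_uri):
        """Called after the resource owner grants access; returns the one-time code."""
        code = secrets.token_urlsafe(32)   # unguessable
        self._codes[code] = IssuedCode(client_id, redirect_uri, self._now())
        return code

    def redeem(self, code, client_id, redirect_uri):
        """Token-request side: exchange a code for an access token, enforcing the RFC rules."""
        entry = self._codes.get(code)
        if entry is None:
            raise PermissionError("invalid_grant: unknown authorization code")
        if entry.used:
            # Reuse: deny the request and revoke every token previously issued on this code.
            self._revoked_tokens.update(entry.tokens)
            raise PermissionError("invalid_grant: code already used; derived tokens revoked")
        if self._now() - entry.issued_at > CODE_LIFETIME_SECONDS:
            del self._codes[code]
            raise PermissionError("invalid_grant: authorization code expired")
        if entry.client_id != client_id or entry.redirect_uri != redirect_uri:
            raise PermissionError("invalid_grant: code not bound to this client_id/redirect_uri")
        entry.used = True
        token = secrets.token_urlsafe(32)
        entry.tokens.append(token)
        self._issued_tokens.add(token)
        return token

    def is_token_valid(self, token):
        """Resource-server check: issued by us and not revoked."""
        return token in self._issued_tokens and token not in self._revoked_tokens


if __name__ == "__main__":
    store = AuthorizationCodeStore()
    code = store.issue("CLIENT_ID", "https://client.example/cb")
    token = store.redeem(code, "CLIENT_ID", "https://client.example/cb")
    print("token valid:", store.is_token_valid(token))
    try:
        store.redeem(code, "CLIENT_ID", "https://client.example/cb")
    except PermissionError as exc:
        print(exc)
    print("token valid after reuse attempt:", store.is_token_valid(token))
```

Note that a binding mismatch (wrong client_id or redirect_uri) leaves the code unused, so a legitimate client that retries with the correct values still succeeds, whereas a second redemption after success is treated as a leak and revokes what was already issued.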
