
Access token issued to the client (e.g. Confluence) based on authorization_code or refresh_token.


Notes

About OAuth2: https://tools.ietf.org/html/rfc6749


About access_token

RFC6749 1.4. Access Token

https://tools.ietf.org/html/rfc6749#section-1.4

Access tokens are credentials used to access protected resources. An access token is a string representing an authorization issued to the client. The string is usually opaque to the client. Tokens represent specific scopes and durations of access, granted by the resource owner, and enforced by the resource server and authorization server.




Request - authorization_code

RFC6749 4.1. Authorization Code Grant -> 4.1.3. Access Token Request

https://tools.ietf.org/html/rfc6749#section-4.1.3

The client makes a request to the token endpoint by sending the following parameters using the "application/x-www-form-urlencoded" format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body...


Sample request

     # URL is quoted so the shell does not split the command at "&"; -k skips TLS certificate verification
     curl -v -i -k -H "Authorization: OAuth" -X POST "https://example.com/orestapi/oauth2/access_token?grant_type=authorization_code&code=Sgw7P0b5XaDvedkrK1SRe6kTVG4&redirect_uri=URI&client_id=M3SIwV0JqDyguvhmV0nlvsMJz75DR48c&client_secret=bHOKmLn4PHsGL0sHQiTcSAyHCtZjrOGy"


| Item | Description | Notes |
|---|---|---|
| endpoint | /orestapi/oauth2/access_token | |
| http method | POST | |
| Header: Authorization | OAuth | |
| Parameters | https://tools.ietf.org/html/rfc6749#section-4.1.1 | |
| grant_type | REQUIRED. Value MUST be set to "authorization_code". | Use "authorization_code", it is a static value |
| code | REQUIRED. The authorization code received from the authorization server | Created during ORESTAPI oauth2 authorization |
| redirect_uri | REQUIRED. x-www-form-urlencoded format. If the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1, and their values MUST be identical. | |
| client_id | REQUIRED | The client_id of the application making the request |
| client_secret | REQUIRED | The client_secret of the application making the request |




Request - refresh_token

https://tools.ietf.org/html/rfc6749#section-6


Sample request

     # URL is quoted so the shell does not split the command at "&"; method is POST, as listed in the table for this request
     curl -v -i -k -H "Authorization: Basic fidsofjsdifpi8989fdsfodsd9wief" -X POST "https://example.com/orestapi/oauth2/access_token?grant_type=refresh_token&refresh_token=fdsifjsdf8sd9f8dsf"


| Item | Description | Notes |
|---|---|---|
| endpoint | /orestapi/oauth2/access_token | Dedicated, custom-developed endpoint for the oauth2 authorization code access_token flow |
| http method | POST | |
| Header: authorization | Basic | "Basic" + " " + base64 encoded client_id:client_secret |
| Parameters | | |
| grant_type | REQUIRED. Value MUST be set to "refresh_token" | Use "refresh_token", it is a static value |
| refresh_token | REQUIRED. The refresh_token | Should be valid; if not, an error is returned |




Response

RFC6749 4.1. Authorization Code Grant -> 4.1.4. Access Token Response

https://tools.ietf.org/html/rfc6749#section-4.1.4

If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token as described in Section 5.1. If the request client authentication failed or is invalid, the authorization server returns an error response as described in Section 5.2.


Sample response

     HTTP/1.1 200 OK
     Content-Type: application/json;charset=UTF-8
     Cache-Control: no-store
     Pragma: no-cache

     {
       "access_token":"2YotnFZFEjr1zCsicMWpAA",
       "token_type":"Bearer",
       "expires_in":360,
       "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
     }


| Parent | Key | Value Type | Description | Notes |
|---|---|---|---|---|
| - | access_token | string | Generated by Odoo | Reusable within expiry. Expires in 360s. See settings at ORESTAPI Applications |
| - | token_type | string | Bearer | Static value |
| - | expires_in | integer | 360 seconds | See settings at ORESTAPI Applications |
| - | refresh_token | string | Generated by Odoo | Reusable within expiry. Expires in 3600s (10x the access_token). Upon every successful access_token request a new refresh_token is generated, so the validity time is prolonged. |
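
Added example (not part of the original page or of ORESTAPI): client-side handling of the token response documented above, tracking the 360-second expiry and keeping the newest refresh_token after each response. TokenStore, the 30-second skew and the sample token values are assumptions made for this example; the refresh parameters are form-encoded into the request body as in the RFC 6749 text quoted above, which assumes the endpoint accepts them there.

```python
import base64
import json
from urllib.parse import urlencode

def basic_auth_header(client_id, client_secret):
    # Header format from the page: "Basic" + " " + base64(client_id:client_secret)
    pair = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")

def refresh_body(refresh_token):
    # Assumption: parameters go in the form-encoded body, not the query string
    return urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})

class TokenStore:
    """Hypothetical helper: holds the current token pair and its expiry."""

    def __init__(self, skew=30):
        self.skew = skew  # refresh this many seconds early (assumed value)
        self.access_token = None
        self.refresh_token = None
        self.expires_at = 0

    def update(self, body, now):
        data = json.loads(body)
        if not isinstance(data, dict) or data.get("token_type") != "Bearer":
            raise ValueError("unexpected token_type")
        if not isinstance(data.get("access_token"), str):
            raise ValueError("missing access_token")
        if not isinstance(data.get("expires_in"), int) or data["expires_in"] <= 0:
            raise ValueError("bad expires_in")
        self.access_token = data["access_token"]
        self.expires_at = now + data["expires_in"]
        # The page says a new refresh_token is issued with every successful
        # response; keep the newest so its 3600 s validity window restarts.
        if data.get("refresh_token"):
            self.refresh_token = data["refresh_token"]

    def needs_refresh(self, now):
        return self.access_token is None or now >= self.expires_at - self.skew

# Constructed sample responses (token values are made up for this example)
FIRST = '{"access_token":"AT-1","token_type":"Bearer","expires_in":360,"refresh_token":"RT-1"}'
SECOND = '{"access_token":"AT-2","token_type":"Bearer","expires_in":360,"refresh_token":"RT-2"}'
```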