Service: OAuth2 Token Request with Password Grant
An OAuth2 token request with password grant requires a username and password for user authentication. It is therefore allowed only for trusted or super clients, e.g. the KorAP web UI Kalamar.
It is a necessary part of the KorAP OAuth2 authorization process, as it provides the initial user authentication token required in an authorization request. The authorization request is a prerequisite for an OAuth2 token request with authorization code grant. Thus, the OAuth2 token request with authorization code grant depends on the one with password grant.
This service requires client authentication for confidential clients. Client credentials should be included either in the authorization header or in the request body.
Available in: full version
Method: POST
Service URL: root/oauth2/token
Name | Required | Description | Value |
---|---|---|---|
Authorization | yes, for confidential clients | Client authentication with HTTP Basic Authentication mechanism. Alternatively without Authorization header, client credentials can be specified in the request body. Client authentication is required for confidential clients. | client_id:client_secret encoded in Base64 |
Content-Type | yes | content type of the input data | application/x-www-form-urlencoded |
URL-encoded form parameters
Name | Required | Description | Type | Values |
---|---|---|---|---|
grant_type | yes | The OAuth2 grant type. | String | password |
client_id | yes | The client identifier. | String | client_id given on client registration |
client_secret | yes, for confidential clients | The client secret. Specify either in the Authorization header or the request body. Client authentication is required for confidential clients. | String | client_secret given on client registration |
username | yes | username | String | |
password | yes | password | String | |
scope | no | The requested authorization scopes separated by space. Default: all. | String | search match_info |
Example Client
Credentials | Value |
---|---|
Client id | dRJnpFH6RHTr6L7bNhrn7F |
Client secret | _IGaQqvUUrPTzRKJvqPYnA |
Authorization header
- Scheme: Basic
- Value: Base64 encoding of client_id:client_secret

ZFJKbnBGSDZSSFRyNkw3Yk5ocm43RjpfSUdhUXF2VVVyUFR6UktKdnFQWW5B
Password grant with client authentication via Authorization header

```
# Each -d adds one form field; curl joins them with '&'.
# --data-urlencode encodes the space between the two scopes.
curl -H 'Content-Type: application/x-www-form-urlencoded' \
     -H 'Authorization: Basic ZFJKbnBGSDZSSFRyNkw3Yk5ocm43RjpfSUdhUXF2VVVyUFR6UktKdnFQWW5B' \
     -d 'grant_type=password' \
     -d 'client_id=dRJnpFH6RHTr6L7bNhrn7F' \
     -d 'username=dory' \
     -d 'password=dorypass' \
     --data-urlencode 'scope=search match_info' \
     http://localhost:8089/api/oauth2/token
```
Password grant with client credentials in the request body

```
# No Authorization header: the client secret travels as a form field instead.
curl -H 'Content-Type: application/x-www-form-urlencoded' \
     -d 'grant_type=password' \
     -d 'client_id=dRJnpFH6RHTr6L7bNhrn7F' \
     -d 'client_secret=_IGaQqvUUrPTzRKJvqPYnA' \
     -d 'redirect_uri=http://example.client.com/redirect' \
     -d 'username=dory' \
     -d 'password=dorypass' \
     --data-urlencode 'scope=search match_info' \
     http://localhost:8089/api/oauth2/token
```
Response

```
{
  "access_token": "4dcf8784ccfd26fac9bdb82778fe60e2",
  "refresh_token": "hlWci75xb8atDiq3924NUSvOdtAh7Nlf9z",
  "scope": "search match_info",
  "token_type": "Bearer",
  "expires_in": 259200
}
```
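The same request built programmatically, as an added example that is not part of the Kustvakt documentation or code base: it constructs the password-grant request with the client secret either in the Basic Authorization header or in the form body, and checks the fields shown in the sample response. The function names `build_token_request` and `parse_token_response` are hypothetical, and the response checks assume the server returns the fields in the sample above.

```python
import base64
import json
import urllib.parse
import urllib.request

TOKEN_URL = "http://localhost:8089/api/oauth2/token"  # endpoint used in the curl examples


def build_token_request(client_id, client_secret, username, password,
                        scope=None, secret_in_header=True, url=TOKEN_URL):
    """Build (without sending) a password-grant token request."""
    form = {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password}
    if scope:
        form["scope"] = " ".join(scope)  # scopes are separated by a space
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if secret_in_header:
        # HTTP Basic: Base64 of "client_id:client_secret"
        pair = f"{client_id}:{client_secret}".encode("utf-8")
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode("ascii")
    else:
        # Alternative from the parameter table: secret as a form field
        form["client_secret"] = client_secret
    # urlencode percent-encodes '&', '=' and spaces inside values, so a
    # password containing them cannot split or add form parameters.
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def parse_token_response(raw):
    """Parse a token response and check the fields from the sample response."""
    doc = json.loads(raw)
    for key in ("access_token", "token_type", "expires_in"):
        if key not in doc:
            raise ValueError(f"missing field: {key}")
    if doc["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    doc["scope"] = doc.get("scope", "").split()  # granted scopes as a list
    return doc


if __name__ == "__main__":
    # Example client and user taken from the page
    req = build_token_request("dRJnpFH6RHTr6L7bNhrn7F", "_IGaQqvUUrPTzRKJvqPYnA",
                              "dory", "dorypass", scope=["search", "match_info"])
    print(req.get_header("Authorization"))
    print(req.data.decode("ascii"))
    # To send: parse_token_response(urllib.request.urlopen(req).read())
```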