Skip to content

Commit

Permalink
fix authoriztion
Browse files Browse the repository at this point in the history
  • Loading branch information
@RuslanPopenko
RuslanPopenko committed May 10, 2016
1 parent 388733d commit be1e147
Showing 1 changed file with 138 additions and 17 deletions.
155 changes: 138 additions & 17 deletions docs/api/authorization.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,43 @@ where
{redirectUrl} is the URL that will receive authorization code after successful authorization
{scope} is the list of the required permissions (currently you can use 'read+write')

Code example **Java** using org.apache.http package

.. code-block:: properties
String authorizeURI = "http://ivis.dev.imcode.com/oauth/authorize";
String redirectURI = "{redirectUrl}";
String clientId = "{yourClientId}";
String scope = "read+write";
URIBuilder builder = new URIBuilder(authorizeURI);
builder.addParameter("response_type", "code");
builder.addParameter("client_id", clientId);
builder.addParameter("redirect_uri", redirectURI);
builder.addParameter("display", "popup");
builder.addParameter("scope", scope);
String path = builder.build().toString();
response.sendRedirect(path); // GET request
Code example **JS** using JQuery

.. code-block:: properties
var authorizeURI = "http://ivis.dev.imcode.com/oauth/authorize";
var redirectURI = "{redirectUrl}";
var clientId = "{yourClientId}";
var scope = "read+write";
var data = {
'response_type' : 'code',
'client_id' : clientId,
'redirect_uri' : redirectURI,
'display' : 'popup',
'scope' : scope
};
location.href = authorizeURI + '?' + $.param(data);
Step 2
------

Expand All @@ -24,31 +61,115 @@ sending POST request to

with parameters

grant_type (= 'authorization_code')
code (your authorization code from the step 1)
redirect_uri (URL that will receive token)
code (= '{code}')
client_id (= '{yourClientId}') - the same as in step 1
client_secret (= '{yourClientSecret}')
redirect_uri (= '{redirectUrl}') - the same as in step 1
grant_type = (= 'authorization_code')

As response to the redirect_uri you will receive json object with next properties:

access_token (token for access to API)
refresh_token (when token is expired, you can exchange refresh_token to new access_token, see step 3)
expires_in (date and time until token is suitable to getting access)

access_token object has another properties, but trey aren't necessary for accessing to API.

Code example **Java** using org.apache.http package

.. code-block:: properties
String tokenURI = "http://ivis.dev.imcode.com/oauth/token";
String redirectURI = "{redirectUrl}";
String clientId = "{yourClientId}";
String clientSecret = "{yourClientSecret}";
List<NameValuePair> pairsPost = new LinkedList<NameValuePair>();
pairsPost.add(new BasicNameValuePair("code", request.getParameter("code")));
pairsPost.add(new BasicNameValuePair("client_id", clientId));
pairsPost.add(new BasicNameValuePair("client_secret", clientSecret));
pairsPost.add(new BasicNameValuePair("redirect_uri", redirectURI));
pairsPost.add(new BasicNameValuePair("grant_type", "authorization_code"));
HttpPost post = new HttpPost(tokenURI);
post.setEntity(new UrlEncodedFormEntity(pairsPost));
HttpClient client = new DefaultHttpClient();
HttpResponse responses = client.execute(post);
String token = EntityUtils.toString(responses.getEntity()); //there is a json object response
Code example **JS** using JQuery

.. code-block:: properties
var tokenURI = "http://ivis.dev.imcode.com/oauth/token";
var redirectURI = "{redirectUrl}";
var clientId = "{yourClientId}";
var clientSecret = "{yourClientSecret}";
var code = location.href.split('code=')[1];//get value of parameter code
// it's only one param, so you can use this way to get code, or write your own
$.post({
url : tokenURI,
data : {
'code' : code,
'client_id' : clientId,
'client_secret' : clientSecret,
'redirect_uri' : redirectURI,
'grant_type' : 'authorization_code'
},
success : function (token) {
alert(token['access_token']); //use received token
alert(token['refresh_token']);
alert(token['expires_in']);
}
});
Step 3
------

When your token is expired you can refresh (update) it without repeating authorization by sending POST request to

/oauth/token

with parameters

refresh_token (='{yourRefreshToken}') - is the refresh token from the step 2
grant_type = (= 'refresh_token')

Also you have to set request headers:
Code example **Java** using org.apache.http package

Authorization (= 'Basic {base64Hash}')
.. code-block:: properties
where
String refreshToken = "{yourRefreshToken}";
{base64Hash} is Base64-encoded string created as 'ClientId:ClientSecret' (colon is required).
List<NameValuePair> pairsPost = new LinkedList<NameValuePair>();
pairsPost.add(new BasicNameValuePair("refresh_token", refreshToken));
pairsPost.add(new BasicNameValuePair("grant_type", "refresh_token"));
As response to the redirect_uri you will have following parameters:
HttpPost post = new HttpPost(tokenURI);
post.setEntity(new UrlEncodedFormEntity(pairsPost));
access_token (token itself)
expiration_date
refresh_token
HttpClient client = new DefaultHttpClient();
HttpResponse responses = client.execute(post);
Step 3
------
String token = EntityUtils.toString(responses.getEntity()); //there is a json object response
When your token is expired you can refresh (update) it without repeating authorization by sending request to
Code example **JS** using JQuery

/oauth/token?grant_type=refresh_token&refresh_token={yourRefreshToken}
.. code-block:: properties
where
var refreshToken = "{yourRefreshToken}";
{yourRefreshToken} is the refresh token from the step 2.
$.post({
url : tokenURI,
data : {
'refresh_token' : refreshToken,
'grant_type' : 'refresh_token'
},
success : function (token) {
alert(token['access_token']); //use received token
alert(token['refresh_token']);
alert(token['expires_in']);
}
});

0 comments on commit be1e147

Please sign in to comment.