The Authorization Code grant type is the most commonly used because it is optimized for server-side applications, where source code is not publicly exposed and Client Secret confidentiality can be maintained.


Code Grant Flow:


Send a GET request to <OAUTH2_SERVER_URL>/auth?params…

The OAuth2 server sends a time-limited code to the registered <callback_url>.


Example C# code:

```csharp
using RestSharp;

var client = new RestClient(Config.OAUTH2_SERVER_URL);
var request = new RestRequest("auth", Method.GET);

request.AddQueryParameter("response_type", "code");
request.AddQueryParameter("redirect_uri", Config.CALLBACK_URI);
request.AddQueryParameter("client_id", Config.CLIENT_ID);
request.AddQueryParameter("client_secret", Config.CLIENT_SECRET);
request.AddQueryParameter("uri", "myUri");
// "myState" is a placeholder: send an unpredictable per-request value
// and check that the callback returns the same value.
request.AddQueryParameter("state", "myState");
request.AddQueryParameter("scope", "write");
```
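Handling the callback between the two requests, as an added example that is not part of the original page: it generates the `state` value for the `/auth` request and accepts the returned code only if the callback echoes that value. The names `OAuthCallback`, `NewState` and `TryGetCode`, the `client.example` URL, and the assumption that the server returns `code` and `state` as query parameters on the callback are not from the page.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;

// Added example; class and method names are hypothetical.
public static class OAuthCallback
{
    // Unpredictable per-request value to send as "state" in the /auth request.
    public static string NewState()
    {
        var bytes = new byte[32];
        RandomNumberGenerator.Fill(bytes);
        // base64url, so the value can be placed in a query string unescaped
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Returns true and the code only when the callback echoes the state we issued.
    // Assumption: "code" and "state" arrive as query parameters (RFC 6749, section 4.1.2).
    public static bool TryGetCode(Uri callback, string expectedState, out string code)
    {
        code = null;
        var query = HttpUtility.ParseQueryString(callback.Query);
        var state = query["state"];
        if (string.IsNullOrEmpty(state) || string.IsNullOrEmpty(expectedState)) return false;

        // Constant-time comparison; inputs of different length compare as unequal.
        if (!CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(state), Encoding.UTF8.GetBytes(expectedState)))
            return false;

        if (query["error"] != null) return false;   // server reported a failure
        code = query["code"];
        return !string.IsNullOrEmpty(code);
    }

    public static void Main()
    {
        var state = NewState();   // keep this in the user's session before redirecting
        // Constructed sample callbacks, not captured traffic.
        var good = new Uri("https://client.example/callback?code=SAMPLE_CODE&state=" + state);
        var forged = new Uri("https://client.example/callback?code=SAMPLE_CODE&state=other-value");

        Console.WriteLine(TryGetCode(good, state, out var c1) + " " + c1);
        Console.WriteLine(TryGetCode(forged, state, out _));
    }
}
```

Only a code returned by `TryGetCode` should be passed to the token request, and the stored state should be discarded after one use.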

Send a POST request to <OAUTH2_SERVER_URL>/token?params…

When you include the received <CODE>, the server responds with a JSON object containing your access_token.

Example C# code:

```csharp
using RestSharp;

string code = "<CODE>";  // replace with the code received on the callback

var client = new RestClient(Config.OAUTH2_SERVER_URL);
var request = new RestRequest("token", Method.POST);

request.AddHeader("Content-Type", "application/x-www-form-urlencoded");

request.AddQueryParameter("grant_type", "authorization_code");
request.AddQueryParameter("redirect_uri", Config.CALLBACK_URI);
request.AddQueryParameter("client_id", Config.CLIENT_ID);
request.AddQueryParameter("client_secret", Config.CLIENT_SECRET);
request.AddQueryParameter("code", code);
```

Example JSON response:

```json
{"access_token": "a49765jhfhgs.....", "refresh_token": "8768ehg3uyu34r....", "expires_in":1516714140406}
```

 

Step 3: Request Data from GAPI

Send a GET / POST request to <RESOURCE_SERVER_URL>/gapi/v1/path…

You are now authenticated against GAPI with roles defined in TMS.


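Example C# code:

```csharp
using RestSharp;

string accessToken = "<access_token>";  // replace with access_token from the token response

var client = new RestClient(Config.RESOURCE_SERVER_URL);
var request = new RestRequest(Config.RESOURCE_SERVER_PATH, Method.GET);

// Present the access token as a bearer credential on every GAPI request.
request.AddHeader("Authorization", "Bearer " + accessToken);
request.AddHeader("Content-Type", "application/json");
```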