Florian Schmidt edited this page Mar 2, 2016 · 3 revisions

Authentication

Get an access and refresh token

To get an access token, you need the following data:

  1. username (the email address of your user)
  2. password (the password of your user)
  3. the client credentials of your app
    • the client name (e.g. breakout_app)
    • the client secret (e.g. 123456789)
  4. The grant type (in this case password). See the [OAuth 2 Introduction](https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2) by DigitalOcean for more details and examples
  5. The scope (in order to modify your user's data, you need read and write access)

To get the access and refresh token, send a POST request to yourdomain.org/oauth/token. The client name and client secret need to be transmitted via HTTP Basic Authentication. The username, password, grant_type and scope should be provided in an x-www-form-urlencoded body. A full HTTP request could look like the following:

POST /oauth/token HTTP/1.1
Authorization: Basic BASE64ENCODEDCLIENTCREDENTIALS
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Host: yourdomain.org
Connection: close
Content-Length: 85

username=admin%40break-out.org&password=password&grant_type=password&scope=read+write

In response you would then get the following JSON:

{
  "access_token": "YOURACCESSTOKEN",
  "token_type": "bearer",
  "refresh_token": "YOURREFRESHTOKEN",
  "expires_in": 42961,
  "scope": "read write"
}
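
The request and response above, as an added Python example (not part of the original wiki or the project's code): it builds the token request without sending it and validates the JSON reply before the tokens are used. The function names and the `https://` scheme are assumptions; the credentials are the placeholder values from this page.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def build_token_request(domain, client_name, client_secret, username, password,
                        scope="read write"):
    """Build (without sending) the POST /oauth/token request shown above."""
    # Client credentials go in HTTP Basic auth: base64("name:secret").
    basic = base64.b64encode(f"{client_name}:{client_secret}".encode()).decode()
    # User credentials, grant type and scope go in the form-encoded body.
    body = urllib.parse.urlencode({
        "username": username,
        "password": password,
        "grant_type": "password",
        "scope": scope,
    }).encode()
    return urllib.request.Request(
        f"https://{domain}/oauth/token",  # assumption: the API is served over TLS
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Accept": "application/json",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def parse_token_response(raw, requested_scope="read write", now=None):
    """Validate the JSON token response and compute when the token expires."""
    data = json.loads(raw)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    for field in ("access_token", "refresh_token", "expires_in"):
        if field not in data:
            raise ValueError(f"missing field: {field}")
    granted = set(data.get("scope", "").split())
    if not set(requested_scope.split()) <= granted:
        raise ValueError("server granted less scope than requested")
    now = time.time() if now is None else now
    return {
        "access_token": data["access_token"],
        "refresh_token": data["refresh_token"],
        "expires_at": now + int(data["expires_in"]),
        "scope": granted,
    }
```

Passing the returned request to `urllib.request.urlopen` sends it; both the client secret and the user's password travel in this one request, so load them from configuration rather than source code and keep the request out of logs.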

Use the access token

Get a new access token with the refresh token
