Skip to content

Authorization code

Jump to bottom Edit New page
Frank Hassanabad edited this page Sep 7, 2013 · 15 revisions

Here I'll show how to test the Authorization Server with the grant type of Authorization Code.

References from the RFC:
Authorization Code
Authorization Code Grant

For this to work you will need to install the Advanced Rest Client for some of these steps.

Install dependencies and run the authorization node server

cd Oauth2orizeRecipes/authorization-server
npm install
node app.js

If you open your browser and go to

https://localhost:3000

You should see the plain text of

OAuth 2.0 Authorization Server

which means it's up and running

Put this directly into your browser

https://localhost:3000/dialog/authorize?redirect_uri=https://localhost:3000&response_type=code&client_id=abc123&scope=offline_access

You should then get back a decision option. The decision option will have the text and two buttons of

Hi Bob Smith!

Samplr is requesting access to your account.

Do you approve?
[Allow] [Deny]

Click the [Allow] button and you will be redirected back to your above redirect_uri with the code attached as a query parameter like so

https://localhost:3000/?code=7HMEo1VA1xVS6EkJ

That's your authorization code. You will need to exchange that for a token. Go to your Advanced Rest Client and do a POST using the URL of

https://localhost:3000/oauth/token

The Raw payload of:

code=7HMEo1VA1xVS6EkJ&redirect_uri=https://localhost:3000&client_id=abc123&client_secret=ssh-secret&grant_type=authorization_code

And set your content-type to: application/x-www-form-urlencoded
Then you'll get back your token which will look like this:

{
"access_token": "nvhxw0MQf9CPbT2fr8FN4uUvGCSmCE2MiTIo14mniaaI5lJiLUwhs1OJc1d6blyJVFfPjlyFX0BhmCgJicpCdfoxJPbsYzl34FLKQDfRjC4uB9F9LlPoMmRrd98g8HN1pqCs6LYMNV24QXfvar87bSKx8f1K5F1gyWsgHbiaa9DpyHNC0NmaXz1ojDprw0aCfGlbZ6osvMng9tTWR1LmegtEJrHslPvRIq0CPXiS2l81VPAPNLUgDYivSnzEY0q7",
"refresh_token": "lDsloBxS9wdqxgIEhZ8V3b1P3yw5WugnCiJPbHSKTo5PV94d7vU9gw2sEUKZrGqs0pDm5aZ6y6kLt3MtdMGPabn9cYVvyb6eKSnjiBprO9X0d1fKF6jfYEYJl3yFPXgAahOM6F2GdimGFc0sYAkvR4vIivHM1Z1vON2lMEYwe3CIQ3SkO9li6DZ7glbN9yynePvUz6BmfjQA7EJ3XBj1wgXhQFt2zaB1p6H5SvgVoSs2pYz3FeOeJMUHx78XVxit",
"expires_in": 3600,
"token_type": "bearer"
}

From there you exchange that for access to a resource. We'll access the api/userinfo resource. In your Advanced Rest Client use this URL with GET

https://localhost:3000/api/userinfo

In the header section add the key of Authorization with the value of your access_token. It will look like this in Raw

Authorization: Bearer nvhxw0MQf9CPbT2fr8FN4uUvGCSmCE2MiTIo14mniaaI5lJiLUwhs1OJc1d6blyJVFfPjlyFX0BhmCgJicpCdfoxJPbsYzl34FLKQDfRjC4uB9F9LlPoMmRrd98g8HN1pqCs6LYMNV24QXfvar87bSKx8f1K5F1gyWsgHbiaa9DpyHNC0NmaXz1ojDprw0aCfGlbZ6osvMng9tTWR1LmegtEJrHslPvRIq0CPXiS2l81VPAPNLUgDYivSnzEY0q7s

You should then get back your user id like so

{
"user_id": "1",
"name": "Bob Smith",
"scope": "*"
}

And there you go, Enjoy!

Add a custom footer
Add a custom sidebar
Clone this wiki locally