Client Credentials
Here I'll show how to test the Authorization Server with the Client Credentials grant type.
References from the RFC:
Client Credentials
Client Credentials Grant
For this to work you will need to install the Advanced Rest Client for some of these steps.
Install dependencies and run the authorization node server
cd Oauth2orizeRecipes/authorization-server
npm install
node app.js
If you open your browser and go to
https://localhost:3000
You should see the message of
Welcome to OAuth 2.0.
which means it's up and running
In your Advanced Rest Client use this URL with POST
https://localhost:3000/oauth/token
In the header section add the key of Authorization with the value of the client id and client secret of one of the clients, separated by a ":" and base64 encoded. You can use any base64 encoder to help you out.
It will look like this in Raw if you're using "abc123:ssh-secret"
Authorization: Basic YWJjMTIzOnNzaC1zZWNyZXQ=
In the payload section, set the Content-Type header to application/x-www-form-urlencoded and use this as the raw payload
grant_type=client_credentials
Click send and you should get back your access token that looks like this
{
"access_token": "olXb4TafbiUs8UGeNPLmD65OfyiqnAlYeS85wE6Rg5AqK4Pe0dpL4CgUafYg4a1OYtXNpL86TjCH7DgKMBtsmLvvRuBYPkayC1u4a9bARvNizv3dpWKCBnywWzqOzN9JMgamAneI3QJLfzk0LhOlCzlM1TvBVG0Iqu3lP0MCFdzeRV6LgVmKC1zXNpbnqCoaFanbqk1725wdUs2ltXBAhbJY0ZuFiMUNmMsx7q39TR6GfzTchUKNEEKYso33UqYP",
"expires_in": 3600,
"token_type": "bearer"
}
From here you exchange the access token for access to a resource. We'll access the api/clientinfo resource. In your Advanced Rest Client use this URL with GET
http://localhost:3000/api/clientinfo
In the header section add the key of Authorization with the value of your access_token. It will look like this in Raw
Authorization: Bearer olXb4TafbiUs8UGeNPLmD65OfyiqnAlYeS85wE6Rg5AqK4Pe0dpL4CgUafYg4a1OYtXNpL86TjCH7DgKMBtsmLvvRuBYPkayC1u4a9bARvNizv3dpWKCBnywWzqOzN9JMgamAneI3QJLfzk0LhOlCzlM1TvBVG0Iqu3lP0MCFdzeRV6LgVmKC1zXNpbnqCoaFanbqk1725wdUs2ltXBAhbJY0ZuFiMUNmMsx7q39TR6GfzTchUKNEEKYso33UqYP
You should then get back your client id like so
{
"client_id": "1",
"name": "Samplr",
"scope": "*"
}
And there you go, Enjoy!
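The two requests from the walkthrough can also be built in Node, which computes the Basic value locally instead of in a separate encoder. This is an added example, not code from Oauth2orizeRecipes; the function names are hypothetical, the base URL is assumed to be the https one from the token step, and the sample token response is constructed.

```javascript
// Added example: not part of the Oauth2orizeRecipes code base.

// HTTP Basic value for client authentication, computed locally.
function basicAuthHeader(clientId, clientSecret) {
  if (clientId.includes(':')) {
    throw new Error('client id must not contain ":" (the Basic separator)');
  }
  const raw = `${clientId}:${clientSecret}`;
  return 'Basic ' + Buffer.from(raw, 'utf8').toString('base64');
}

// Step 1: POST /oauth/token with grant_type=client_credentials.
function tokenRequest(baseUrl, clientId, clientSecret) {
  return {
    method: 'POST',
    url: new URL('/oauth/token', baseUrl).toString(),
    headers: {
      Authorization: basicAuthHeader(clientId, clientSecret),
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({ grant_type: 'client_credentials' }).toString(),
  };
}

// Step 2: check the token response, then build GET /api/clientinfo.
function resourceRequest(baseUrl, tokenResponseJson) {
  const token = JSON.parse(tokenResponseJson);
  if (typeof token.access_token !== 'string' || token.access_token === '') {
    throw new Error('token response has no access_token');
  }
  if (String(token.token_type).toLowerCase() !== 'bearer') {
    throw new Error(`unexpected token_type: ${token.token_type}`);
  }
  return {
    method: 'GET',
    url: new URL('/api/clientinfo', baseUrl).toString(),
    headers: { Authorization: `Bearer ${token.access_token}` },
  };
}

// Constructed sample response (the token value is a placeholder).
const sampleTokenResponse = JSON.stringify({
  access_token: 'constructed-sample-token',
  expires_in: 3600,
  token_type: 'bearer',
});
const demoBase = 'https://localhost:3000'; // assumed base URL
console.log(tokenRequest(demoBase, 'abc123', 'ssh-secret'));
console.log(resourceRequest(demoBase, sampleTokenResponse));
```

Each returned object lists the method, URL, headers and body to enter in the REST client or pass to an HTTP library.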