Auth Code Grant

Ken Williamson edited this page Jan 19, 2020 · 24 revisions

Authorization Code Grant Type

Used for web applications and websites

  1. Authorization
Method: GET

http://localhost:3000/oauth/authorize?response_type=code&client_id=10&redirect_uri=http://www.google.com&scope=read&state=xyz
  2. Log in with the following (GoAuth2User credentials)
    • username: admin
    • password: admin
  3. Click Authorize
  4. Response (authorization)
https://www.google.com/?code=HRbMni0f2507ZkyFWlTUYhjN&state=xyz
  5. Get Token (Using code returned in step 4)
Method: POST

URL -- http://localhost:3000/oauth/token

Header ---  Content-Type: application/x-www-form-urlencoded

Body:
client_id=10&client_secret=jhcy2YGrvgDsm4VRVtUESiI96K65gQeXcA2TQCJYZW0J1cYLio&grant_type=authorization_code&code=HRbMni0f2507ZkyFWlTUYhjN&redirect_uri=http://www.google.com
  6. Response (token)
{
    "access_token": "eNrUWduSozYQ/aMtEPZseBxjg6XiUtzE5WXLCGcMEh7XssbA16eEPYmrkk0N8kaTeZdQ6/TROd3NfkCHwiKVVyEYj1B1K9jCY7AkBnyC9JRiA+lf9gPys5S1BTAprE9fYcNGMvAFZeenWNmtYWUbaCwTyD9UFyBgsLpUWYoprF+rAOirMg1enWpZF0Dha9l++1x59UZ1Rzp6a6q5kdPChh1KAz45Uax5kbNw643qaAoPqNsBfMZbdslD+AQbs84A5jG08IjHPEUo5wE3+JUk6jCdDfpTniyVMPH5ORfbQEfSmOdyWud2uRXzOIYC9AxjhPh9Eq2t/Nu+uNHbPGYbWL/2Tv3SQoa6wor5/cYyXTFCTVok7MzPetvjJ31baCXLTRyGt71uBIFtoHVhMVYcg1Vh9V0JMOVncmxsDbdZow9ZqA9k0Ou/rUvRKdbwJU9hlyUBvT8vjK93+z3sv0LqtrsEn0uTx4lRMOEIF7aBQn5HfhaZvoNWuaWeCp7otz0bsy0sXcuTAMeU3fb6C2f4yd14DipdLSzUkWbTkaPTlanLSKUfcsuv7u57+9ZKt7f/AbZrovwqbMt0RbP0yls5+Ma9Z7wf3zc+25rLshTVO+P++zcst0q7H/7EY4rrdoeBnzXhzr99dFVi4cFPgh+7ZFH9DMPbXnXK0T/ehVZeBbsy6atCQwdbQ6Ot8fcIu8JiYykzxoi+P0ZwW2fo7S51FZlvyhXI+d26YYevuNjApLk8fBV3jEXwPeapRD2I4HKGHkzaLxlH1amf//84rl/U+brqf4CG+po736PGPDGHDLxI5KVzmc/LkknVz3ojwkvJfv8CRHhJAD6Qxn2VyUshbwcBKyys5KHEvI8z8q5NeetyC7e53FppEPHNCZMP8ktvTT7BeyJz/FIlgOMoVZcUbz2/9vwAH1o4Qu+9PxFNZn20+cT9kr9wwtleT/OkZ+W115dVgwrVTvI11V841afSVNWJMhFNVYkVHOZzgN5z4PBOn7oI6cBNtwTmO8v7/Gfv1dQIzsfxei4mDRXlqkisqiPio5tyyJKlcp0XCvX4grFuxPjJfVV0rhPevafmvb5PRwEf2E7zUzNYEiuWxVXVmeP/f3GV5RYb8sRVuGeJ+azg+68enO/I46viRf4vwFbAA0Q4Gz0vH61dhPsrsXhHsRnKVLdI9Cx/6YbzORto6FAcg3ifrphcXDcXAR5M50rl65qCB/IvMO8T0qveCR/WK4GeVZCng0iPdc2XUN8qlHcC5s/6pPlTL1bzY7pLEcu04APqP1+wVo1lxql40bN47SdTP9d08biPSnpL0bP6mNbLelf+UkRHr3jI009PPEaJPZRAj3+3juvTv86msNLCo1sX2opF13/UT8mANNKw6/s7IpYlfpWmyhcQ1D1wtt9H40f5tdhqRmT8dv4WnJe28QPsvcgZa6aY3773l8sfAQAA//97OydC",
    "token_type": "bearer",
    "expires_in": 3600,
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJQYXlsb2FkIjp7ImlzcyI6IkdvQXV0aDIiLCJzdWIiOiJjb2RlIiwiYXVkIjoiR29BdXRoMi5jb20iLCJleHAiOjE1Nzk0MjIxNTMsImlhdCI6MTU3OTM4NjE1M30sInRva2VuVHlwZSI6InJlZnJlc2giLCJ1c2VySWQiOiJlaHFtciIsImNsaWVudElkIjoxMCwiZ3JhbnQiOiJjb2RlIn0.rE12HV9-2wXVerIQ4JU0U_60mt8_E6B0x15vOQaymaw"
}
  7. Get Refresh Token (Using refresh token returned in step 6)
Method: POST

URL -- http://localhost:3000/oauth/token

Header ---  Content-Type: application/x-www-form-urlencoded

Body:
grant_type=refresh_token&client_id=10&client_secret=jhcy2YGrvgDsm4VRVtUESiI96K65gQeXcA2TQCJYZW0J1cYLio&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJQYXlsb2FkIjp7ImlzcyI6IkdvQXV0aDIiLCJzdWIiOiJjb2RlIiwiYXVkIjoiR29BdXRoMi5jb20iLCJleHAiOjE1Nzk0MjIxNTMsImlhdCI6MTU3OTM4NjE1M30sInRva2VuVHlwZSI6InJlZnJlc2giLCJ1c2VySWQiOiJlaHFtciIsImNsaWVudElkIjoxMCwiZ3JhbnQiOiJjb2RlIn0.rE12HV9-2wXVerIQ4JU0U_60mt8_E6B0x15vOQaymaw
  8. Response (Refresh Token)
{
    "access_token": "...",
    "token_type": "bearer",
    "expires_in": 3600,
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJQYXlsb2FkIjp7ImlzcyI6IkdvQXV0aDIiLCJzdWIiOiJjb2RlIiwiYXVkIjoiR29BdXRoMi5jb20iLCJleHAiOjE1Nzk0MjIxNTMsImlhdCI6MTU3OTM4NjE1M30sInRva2VuVHlwZSI6InJlZnJlc2giLCJ1c2VySWQiOiJlaHFtciIsImNsaWVudElkIjoxMCwiZ3JhbnQiOiJjb2RlIn0.rE12HV9-2wXVerIQ4JU0U_60mt8_E6B0x15vOQaymaw"
}
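
The client side of the authorization, callback, token and refresh steps above, as an added example that is not part of the GoAuth2 project: it generates a random `state` per request instead of the fixed `xyz` and rejects a callback whose `state` does not match before the code is exchanged. The function names, the `error` parameter handling and the constructed code and secret values are assumptions; the endpoints and parameters are the ones shown on this page.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "http://localhost:3000/oauth"  # server address used on this page

def build_authorize_url(client_id, redirect_uri, scope="read"):
    """Authorization request: URL plus the per-request state to remember."""
    state = secrets.token_urlsafe(32)  # unguessable, instead of a fixed value
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope,
                       "state": state})
    return f"{BASE}/authorize?{query}", state

def extract_code(callback_url, expected_state):
    """Callback: return the code only if state matches the one we issued."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not for this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def token_request_body(client_id, client_secret, code, redirect_uri):
    """Get Token: form body for POST /oauth/token."""
    return urlencode({"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})

def refresh_request_body(client_id, client_secret, refresh_token):
    """Get Refresh Token: form body that exchanges a refresh token."""
    return urlencode({"grant_type": "refresh_token", "client_id": client_id,
                      "client_secret": client_secret,
                      "refresh_token": refresh_token})

if __name__ == "__main__":
    redirect = "http://www.google.com"  # redirect_uri from the page
    url, state = build_authorize_url(10, redirect)
    print("open in browser:", url)
    # Constructed callback and secret, standing in for real values.
    callback = f"https://www.google.com/?code=CONSTRUCTED_CODE&state={state}"
    code = extract_code(callback, state)
    print("POST body:", token_request_body(10, "CONSTRUCTED_SECRET", code, redirect))
```

Both bodies are sent with `Content-Type: application/x-www-form-urlencoded`, as in the requests above.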