From e2156a7da35f75858f0c844a872b5d6d604e928e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89loi=20Rivard?= Date: Thu, 13 Aug 2020 12:29:42 +0200 Subject: [PATCH] Authorization code example --- README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/README.md b/README.md index b01dd83..0496a64 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,8 @@ Before testing, we need to create a client: ![create a client](https://user-images.githubusercontent.com/290496/38811988-081814d4-41c6-11e8-88e1-cb6c25a6f82e.png) +### Password flow example + Get your `client_id` and `client_secret` for testing. In this example, we have enabled `password` grant types, let's try: @@ -50,6 +52,27 @@ Because this is an example, every user's password is `valid`. Now you can access $ curl -H "Authorization: Bearer ${access_token}" http://127.0.0.1:5000/api/me ``` +### Authorization code flow example + +To test the authorization code flow, you can just open this URL in your browser. +```bash +$ open http://127.0.0.1:5000/oauth/authorize?response_type=code&client_id=${client_id}&scope=profile +``` + +After granting the authorization, you should be redirected to `${redirect_uri}/?code=${code}` + +Then your app can send the code to the authorization server to get an access token: + +```bash +$ curl -u ${client_id}:${client_secret} -XPOST http://127.0.0.1:5000/oauth/token -F grant_type=authorization_code -F scope=profile -F code=${code} +``` + +Now you can access `/api/me`: + +```bash +$ curl -H "Authorization: Bearer ${access_token}" http://127.0.0.1:5000/api/me +``` + For now, you can read the source in example or follow the long boring tutorial below. **IMPORTANT**: To test implicit grant, you need to `token_endpoint_auth_method` to `none`.
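Review bot: In the first hunk (`@@ -39,6 +39,8 @@`), the new `### Password flow example` heading sits above "Get your `client_id` and `client_secret` for testing", but the authorization code section added further down relies on the same `${client_id}` and `${client_secret}`. Consider keeping the credential step above both flow headings, or repeating a short pointer to it in the new section, so it does not read as specific to the password grant.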
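Review bot: In the second hunk (`@@ -50,6 +52,27 @@`), the `open` command passes the authorize URL unquoted, so the shell treats each `&` as a background operator and the browser only receives the part up to `response_type=code`, without `client_id` or `scope`. Wrap the URL in double quotes: `$ open "http://127.0.0.1:5000/oauth/authorize?response_type=code&client_id=${client_id}&scope=profile"`. Two smaller points in the same hunk: the authorize request carries no `state` parameter, which is what lets a client tie the redirect back to the request it started, and the last step uses `${access_token}` without saying that it comes from the response of the preceding `curl` to `/oauth/token`. A blank line between "open this URL in your browser." and the opening code fence would also keep the block rendering consistently with the other examples.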