Authorization Code Flow
Endpoint for authorization code flow.
To request an access token using the authorization code flow, an authorization code is required.
See Authorization Code for details.
The following steps are required to process the access token request for authorization code flow:
Procedure
-
Request an authorization code
The access token request requires a authorization code. Use the following endpoint to request an authorization code:
Authorization Code Request Endpoint for Authorization Code Flow Method URL POST http://ASGServerHost:httpPort/asg/oauth2/authorize?response_type=code&client_id=CLIENT_ID_VALUE&client_secret=CLIENT_SECRET_VALUE&state=STATE_VALUE&redirect_uri=REDIRECT_URL_VALUE For example,
http://ASGServerHost:httpPort/asg/oauth2/authorize?response_type=code&client_id=237-924f4a26-f1a5-4934-a17a-69c22bd52dbe&client_secret=809950e0-c21c-4f84-8dab-239dba1c3187&state=xyz&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
-
Request an access token
The authorization code flow requires the following information to send an access token request:
After the authorization code is returned, use the following endpoint to request an access token:
Token Request Endpoint for Authorization Code Flow Method URL POST http://ASGServerHost:httpPort/asg/oauth2/access_token?grant_type=authorization_code&client_id=CLIENT_ID_VALUE&client_secret=CLIENT_SECRET_VALUE&code=AUTH_CODE_VALUE&redirect_uri=REDIRECT_URL_VALUE For example,
http://ASGServerHost:httpPort/asg/oauth2/access_token?grant_type=authorization_code&client_id=237-924f4a26-f1a5-4934-a17a-69c22bd52dbe&client_secret=809950e0-c21c-4f84-8dab-239dba1c3187&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
where,
- ASGServerHost is the machine running the Core Engine..
- httpPort is the port value for HTTP transport.
- CLIENT_ID_VALUE is the client ID of the registered application.
- CLIENT_SECRET_VALUE is the client secret of the registered application.
- STATE_VALUE is an arbitrary string that is returned in the callback.
- AUTH_CODE_VALUE is the authorization code.
- REDIRECT_URL_VALUE is the URL of the third party application which performs the authentication process.