Authorization Code Flow

Endpoint for authorization code flow.

To request an access token using the authorization code flow, an authorization code is required.

See Authorization Code for details.

The following steps are required to process the access token request for authorization code flow:

Procedure

  1. Request an authorization code

    The access token request requires a authorization code. Use the following endpoint to request an authorization code:

    Authorization Code Request Endpoint for Authorization Code Flow
    Method URL
    POST http://ASGServerHost:httpPort/asg/oauth2/authorize?response_type=code&client_id=CLIENT_ID_VALUE&client_secret=CLIENT_SECRET_VALUE&state=STATE_VALUE&redirect_uri=REDIRECT_URL_VALUE

    For example,

    http://ASGServerHost:httpPort/asg/oauth2/authorize?response_type=code&client_id=237-924f4a26-f1a5-4934-a17a-69c22bd52dbe&client_secret=809950e0-c21c-4f84-8dab-239dba1c3187&state=xyz&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

  2. Request an access token

    The authorization code flow requires the following information to send an access token request:

    • Client ID
    • Client Secret
    • Authorization code
    • Redirect URL
    • grant_type

    After the authorization code is returned, use the following endpoint to request an access token:

    Token Request Endpoint for Authorization Code Flow
    Method URL
    POST http://ASGServerHost:httpPort/asg/oauth2/access_token?grant_type=authorization_code&client_id=CLIENT_ID_VALUE&client_secret=CLIENT_SECRET_VALUE&code=AUTH_CODE_VALUE&redirect_uri=REDIRECT_URL_VALUE

    For example,

    http://ASGServerHost:httpPort/asg/oauth2/access_token?grant_type=authorization_code&client_id=237-924f4a26-f1a5-4934-a17a-69c22bd52dbe&client_secret=809950e0-c21c-4f84-8dab-239dba1c3187&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

    where,

    • ASGServerHost is the machine running the Core Engine..
    • httpPort is the port value for HTTP transport.
    • CLIENT_ID_VALUE is the client ID of the registered application.
    • CLIENT_SECRET_VALUE is the client secret of the registered application.
    • STATE_VALUE is an arbitrary string that is returned in the callback.
    • AUTH_CODE_VALUE is the authorization code.
    • REDIRECT_URL_VALUE is the URL of the third party application which performs the authentication process.