This post just gives you basic idea of how OAuth2 client_credentials and refresh_token grant types work with examples.



For more information please read The OAuth 2.0 Authorization Framework.


Client Registration Flow


Info to read: Protocol Flow


Request


curl -X POST https://api.hello.com/v1/{clients|register}
-H 'Content-Type: application/json'
-d '{"username":"client-email@domain.com","password":"client-password"}'

Response


201 Created
{
"client_id": "ID",
"client_key": "KEY",
"client_secret": "SECRET"
}

Client Credentials Flow


Info to read: Client Credentials / Client Credentials Grant. The S0VZOlNFQ1JFVA== below is base64_encode of KEY:SECRET combination.


Request


curl -X POST https://api.hello.com/v1/oauth/token
-H 'Authorization: Basic S0VZOlNFQ1JFVA=='
-H 'content-type: application/x-www-form-urlencoded'
-d 'grant_type=client_credentials'

Response


200 OK
Cache-Control: no-store
Pragma: no-cache
{
"access_token": "ACCESS_TOKEN",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "REFRESH_TOKEN"
}

Refresh Token Flow


Info to read: Refresh Token


Request


curl -X POST https://api.hello.com/v1/oauth/token
-H 'Authorization: Basic S0VZOlNFQ1JFVA=='
-H 'content-type: application/x-www-form-urlencoded'
-d 'grant_type=refresh_token&refresh_token=REFRESH_TOKEN'

Response


200 OK
Cache-Control: no-store
Pragma: no-cache
{
"access_token": "NEW_ACCESS_TOKEN",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "NEW_REFRESH_TOKEN"
}

Consuming OAuth2 Authenticated APIs


Request


curl -X GET https://api.hello.com/v1/resource
-H 'Authorization: Bearer ACCESS_TOKEN'