
This post gives you a basic idea of how the OAuth2 client_credentials and refresh_token grant types work, with examples. Apart from this, you should also be aware of the OAuth 2.0 Token Introspection endpoint, which returns meta-information about tokens (whether a token is still active, when it expires, and so on).



For more information please read The OAuth 2.0 Authorization Framework.


Client Registration Flow


Info to read: Protocol Flow / Client Registration


Request


curl -X POST https://api.hello.com/v1/{clients|register} \
  -H 'Content-Type: application/json' \
  -d '{"username":"client-email@domain.com","password":"client-password"}'

Response


201 Created
{
"client_id": "ID",
"client_key": "KEY",
"client_secret": "SECRET"
}

Client Credentials Flow


Info to read: Client Credentials Grant / Access Token Request / Access Token Response. The S0VZOlNFQ1JFVA== below is the base64 encoding of the KEY:SECRET combination, i.e. HTTP Basic authentication with the client key as the username and the client secret as the password.


Request


curl -X POST https://api.hello.com/v1/oauth/token \
  -H 'Authorization: Basic S0VZOlNFQ1JFVA==' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials'

Response


200 OK
Cache-Control: no-store
Pragma: no-cache
{
"access_token": "ACCESS_TOKEN",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "REFRESH_TOKEN"
}

Refresh Token Flow


Info to read: Refresh Token / Refreshing an Access Token


Request


curl -X POST https://api.hello.com/v1/oauth/token \
  -H 'Authorization: Basic S0VZOlNFQ1JFVA==' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&refresh_token=REFRESH_TOKEN'

Response


200 OK
Cache-Control: no-store
Pragma: no-cache
{
"access_token": "NEW_ACCESS_TOKEN",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "NEW_REFRESH_TOKEN"
}

Consuming OAuth2 Authenticated APIs


Request


curl -X GET https://api.hello.com/v1/resource \
  -H 'Authorization: Bearer ACCESS_TOKEN'
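The token exchanges above, carried end to end by a cache-aware client, as an added Python example (this is not the blog's code and not the api.hello.com API). The FakeAuthServer, Client and run_demo names are mine: the authorization server is a constructed in-memory stand-in that answers in the shape of the responses shown above, plus a token introspection endpoint modelled on RFC 7662, which the introduction mentions. Network I/O is replaced by direct method calls so it runs offline, and KEY/SECRET are the page's placeholder credentials.

```python
import base64
import secrets
from urllib.parse import parse_qs

CLIENT_KEY, CLIENT_SECRET, TOKEN_TTL = "KEY", "SECRET", 3600   # constructed demo values


def basic_auth_value(key, secret):
    """Value after 'Basic ' in the Authorization header: base64(key:secret)."""
    return base64.b64encode(f"{key}:{secret}".encode()).decode()


class FakeAuthServer:
    """Hypothetical in-memory /oauth/token + introspection endpoint (not api.hello.com)."""
    def __init__(self, clock):
        self.clock, self.access, self.refresh = clock, {}, set()   # access: token -> expiry

    def _client_ok(self, headers):
        scheme, _, cred = headers.get("Authorization", "").partition(" ")
        try:
            raw = base64.b64decode(cred, validate=True)
        except ValueError:
            return False
        expected = f"{CLIENT_KEY}:{CLIENT_SECRET}".encode()
        return scheme == "Basic" and secrets.compare_digest(raw, expected)   # constant time

    def _issue(self):
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[at] = self.clock() + TOKEN_TTL
        self.refresh.add(rt)
        return 200, {"access_token": at, "token_type": "Bearer",
                     "expires_in": TOKEN_TTL, "refresh_token": rt}

    def token(self, headers, body):
        if not self._client_ok(headers):
            return 401, {"error": "invalid_client"}
        form = {k: v[0] for k, v in parse_qs(body).items()}
        if form.get("grant_type") == "client_credentials":
            return self._issue()
        if form.get("grant_type") == "refresh_token":
            if form.get("refresh_token") not in self.refresh:
                return 400, {"error": "invalid_grant"}
            self.refresh.discard(form["refresh_token"])   # rotation: a refresh token is single-use
            return self._issue()
        return 400, {"error": "unsupported_grant_type"}

    def introspect(self, headers, body):
        if not self._client_ok(headers):
            return 401, {"error": "invalid_client"}
        exp = self.access.get(parse_qs(body).get("token", [""])[0])
        if exp is None or exp <= self.clock():
            return 200, {"active": False}
        return 200, {"active": True, "exp": int(exp), "token_type": "Bearer"}


class Client:
    """Caches the access token, refreshes it `skew` seconds before expiry, else starts a new grant."""
    def __init__(self, server, clock, skew=60):
        self.server, self.clock, self.skew = server, clock, skew
        self.access_token, self.refresh_token, self.expires_at = None, None, 0.0

    def _headers(self):
        return {"Authorization": "Basic " + basic_auth_value(CLIENT_KEY, CLIENT_SECRET),
                "Content-Type": "application/x-www-form-urlencoded"}

    def _store(self, resp):
        self.access_token, self.refresh_token = resp["access_token"], resp["refresh_token"]
        self.expires_at = self.clock() + resp["expires_in"]

    def get_access_token(self):
        if self.access_token and self.clock() < self.expires_at - self.skew:
            return self.access_token                     # still fresh: no request made
        if self.refresh_token:
            body = f"grant_type=refresh_token&refresh_token={self.refresh_token}"
            status, resp = self.server.token(self._headers(), body)
            if status == 200:
                self._store(resp)
                return self.access_token
        # No refresh token, or the refresh was rejected (invalid_grant): fresh grant.
        status, resp = self.server.token(self._headers(), "grant_type=client_credentials")
        if status != 200:
            raise RuntimeError(f"token request failed: {resp}")
        self._store(resp)
        return self.access_token


def run_demo():
    now = [1_700_000_000.0]                              # constructed, hand-advanced clock
    server = FakeAuthServer(lambda: now[0])
    client = Client(server, lambda: now[0])
    first = client.get_access_token()                    # client_credentials grant
    cached = client.get_access_token()                   # served from cache
    old_refresh = client.refresh_token
    now[0] += TOKEN_TTL - 30                             # inside the 60 s skew window
    second = client.get_access_token()                   # refresh_token grant; tokens rotate
    replay_body = f"grant_type=refresh_token&refresh_token={old_refresh}"
    replay, _ = server.token(client._headers(), replay_body)
    now[0] += 60                                         # first access token is now past its TTL
    _, old_info = server.introspect(client._headers(), f"token={first}")
    _, new_info = server.introspect(client._headers(), f"token={second}")
    return {"cached": first == cached, "rotated": first != second, "replay_status": replay,
            "old_active": old_info["active"], "new_active": new_info["active"]}
```

Run it with python3 and print run_demo(). The points it shows: the client makes no token request while the cached token is outside the skew window; a refresh token is accepted once and then rejected with invalid_grant (rotation, so a refresh token that has already been used is worthless even if it leaks later); and introspection reports the expired first access token as inactive, so a resource server can check a token it does not understand itself. The Cache-Control: no-store and Pragma: no-cache headers in the responses above exist for the same reason the client keeps tokens only in memory: they must not end up in shared caches or logs.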