01/06/2019 - PHP
This post gives you a basic idea of how the OAuth2 client_credentials and refresh_token grant types work, with examples. It is also worth knowing about The OAuth 2.0 Token Introspection, which returns information about a token.
For more information, read The OAuth 2.0 Authorization Framework.
Required reading: Protocol Flow / Client Registration
curl -X POST https://api.hello.com/v1/{clients|register} \
  -H 'Content-Type: application/json' \
  -d '{"username":"client-email@domain.com","password":"client-password"}'
201 Created
{
"client_id": "ID",
"client_key": "KEY",
"client_secret": "SECRET"
}
Required reading: Client Credentials Grant / Access Token Request / Access Token Response. The S0VZOlNFQ1JFVA== value below is the base64_encode form of the KEY:SECRET combination.
curl -X POST https://api.hello.com/v1/oauth/token \
  -H 'Authorization: Basic S0VZOlNFQ1JFVA==' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials'
200 OK
Cache-Control: no-store
Pragma: no-cache
{
"access_token": "ACCESS_TOKEN",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "REFRESH_TOKEN"
}
Required reading: Refresh Token / Refreshing an Access Token
curl -X POST https://api.hello.com/v1/oauth/token \
  -H 'Authorization: Basic S0VZOlNFQ1JFVA==' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&refresh_token=REFRESH_TOKEN'
200 OK
Cache-Control: no-store
Pragma: no-cache
{
"access_token": "NEW_ACCESS_TOKEN",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "NEW_REFRESH_TOKEN"
}
curl -X GET https://api.hello.com/v1/resource \
  -H 'Authorization: Bearer ACCESS_TOKEN'
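
The three requests above, tied together as a client-side token cache. This is an added example in Python, not code from the original post: it requests a token with client_credentials, reuses it until expires_in is nearly up, then uses the refresh_token grant and stores the rotated refresh token. TokenManager, basic_header, the post callable and the 30-second skew are assumptions made for illustration.

```python
import base64
import time
from urllib.parse import urlencode

TOKEN_URL = "https://api.hello.com/v1/oauth/token"  # endpoint shown on the page


def basic_header(key, secret):
    """Authorization header value: base64 of KEY:SECRET, as described above."""
    return "Basic " + base64.b64encode(f"{key}:{secret}".encode()).decode()


class TokenManager:
    """Hypothetical helper: caches the access token and rotates the refresh token."""

    def __init__(self, key, secret, post, clock=time.time, skew=30):
        self.auth = basic_header(key, secret)
        self.post = post      # assumed transport: post(url, headers, body) -> dict
        self.clock = clock    # injectable so expiry can be tested offline
        self.skew = skew      # renew this many seconds before expiry
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _request(self, params):
        headers = {"Authorization": self.auth,
                   "Content-Type": "application/x-www-form-urlencoded"}
        tok = self.post(TOKEN_URL, headers, urlencode(params))
        if tok.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.access = tok["access_token"]
        # Keep the old refresh token only if the server did not send a new one.
        self.refresh = tok.get("refresh_token", self.refresh)
        self.expires_at = self.clock() + int(tok["expires_in"])

    def bearer(self):
        """Return the Authorization header value for a resource request."""
        if self.access is None or self.clock() >= self.expires_at - self.skew:
            if self.refresh:
                params = {"grant_type": "refresh_token",
                          "refresh_token": self.refresh}
            else:
                params = {"grant_type": "client_credentials"}
            self._request(params)
        return "Bearer " + self.access
```

Keep the refresh token and client secret out of logs and source control; anyone holding both can mint new access tokens.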