-
-
Notifications
You must be signed in to change notification settings - Fork 119
Client Obtain Token
nov edited this page Oct 3, 2014
·
17 revisions
Code Flow would be the most basic flow to get an access token for server-side apps.
# Authorization Request
authorization_uri = client.authorization_uri(
scope: [:profile, :email]
)
`open "#{authorization_uri}"`
# Authorization Response
puts "# Authorization Code"
code = gets.strip
# Token Request
client.authorization_code = code
client.access_token! # => Rack::OAuth2::AccessTokens subclass
rack-oauth2 uses Authorization
header for Client Authentication as default.
If your OAuth Server doesn't support Basic Auth for Client Authentication and require including client_secret
in request body, do
client.access_token! :body
Client Credentials Flow doesn't require any user interaction.
Just call client.access_token!
.
client.access_token! # => Rack::OAuth2::AccessTokens subclass
In this flow, your client will obtain end-user's password at the OAuth Server, directly.
This flow also doesn't need any redirect-based user interaction.
Simply set username & password to the client
instance, and call client.access_token!
.
client.resource_owner_credentials = 'username', 'password'
client.access_token! # => Rack::OAuth2::AccessTokens subclass
client.refresh_token = '02e27f838b6e378eb1259...'
client.access_token! # => Rack::OAuth2::AccessTokens subclass