Friendly OAuth2 Server

1) The client application sends a GET request with data to the authorization server: 1.1) Options: response_type = token — authorization type client_id — client application ID redirect_uri — code redirect URL scope — required role for user state — character set as marker Sample request:

http://localhost:9000/oauth2/authorize?response_type=token&client_id=id-CzabNtF4G5cuD1cyRpAEjWOapXgOujtfb4zjj9QDLCWXP88&redirect_uri=http://localhost:8080/oauth2/code&scope=user&state=state1

2) A form for entering a login and password opens in the user's browser. The user fills in the data that is sent to the server as a POST request.

3) The authorization server sends a GET response with an access token to redirect_uri with data: 3.1) Options: access_token — access token token_type=Bearer — access token type expires_in — access token validity period state — character set as marker Sample response:

http://localhost:8080/oauth2/implicit?access_token=iYdeljtdXtnSkcN6RElUp3zMD8CJW44EckLEQWBQy3RWRXoG3qcck70rvNTtyUzRdY1rjQb52hu3tadMb4b6kWnYhwFgh9GUmLgAIwVPs5IR358MlHLkvHRnmnX6WGWyhM1y0Rz4WfsOf2pv7ZLXIiCp29DaRKpJsfYpRqr7OU4WeVwahjBq8a4RNV0V2kFOxbcSE1jA8JKK9gLsDMDDJatquASIEVvxaoanVGIk36NBkPqSuVMY6kUpFylOyqK&state=state1&token_type=Bearer&expires_in=1718074368

Practical example for OAuth2 implicit authorization

0) Be sure to check that the authentication settings are set to OAuth2 implicit flow

Otherwise, authorization with the code will not work. After setting this parameter, do not forget to click on the save button.

1) Let's create a new client application in the admin panel

2) Let's find him in the list of registered clients

3) For example, let's create a test user

4) Let's create a GET request to address http://localhost:9000/oauth2/authorize

5) Copy the URL and paste it into the browser

6) As a result, the browser will display a redirect_url with an access token: