Friendly OAuth2 Server
Friendly oAuth2 server documentation
Authorization OAuth2 user password
General description of actions for authorization OAuth2 user password
1) The client application submits a POST request to the server with the following data:
1.1) Options:
grant_type = password — authorization type
scope — required role for the user
username — user login
password — user password
1.2) Headers:
Content-Type = application/x-www-form-urlencoded — request body type
In addition, client authentication is required; for example, you can select the BASIC type:
Authorization = Basic aWQtalU4NXNoTnNqVUlpWGQ2MDJhTXhtVjFqSmlPTUdSSko3ZHJHeTRCSGlFZEN0SVk6UWNxUVl0OExRWVVEbDdtMk1KOVNFNkFxYklKOE9MWHdnNkJTSVRnTEFjMHpKcXBRY3I= — join client_id:client_secret with a colon and encode the resulting string in BASE64 format
Example request in cUrl:
curl --request POST \
  --url http://localhost:9000/oauth2/token \
  --header 'Authorization: Basic aWQtalU4NXNoTnNqVUlpWGQ2MDJhTXhtVjFqSmlPTUdSSko3ZHJHeTRCSGlFZEN0SVk6UWNxUVl0OExRWVVEbDdtMk1KOVNFNkFxYklKOE9MWHdnNkJTSVRnTEFjMHpKcXBRY3I=' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=password \
  --data username=user@example.com \
  --data 'password=password1Aa#' \
  --data scope=user
2) The server responds in JSON format with the following parameters:
access_token — access token
scope — roles for the given token
token_type = Bearer — token type
expires_in — access token expiration time in milliseconds
refresh_token — token for renewing the access token
refresh_token_expires_in — refresh token expiration time
id_token — OpenId token (used for more secure authorization; it contains the client's id tag and other data)
Sample response:
{
  "access_token": "oBFNlAzw4BBw9ptNFcdTwbOJkdAHglHkE6nwYUe7SrxkAGYtlB9wOX3479uIB3fwW6QzFgcJBGZOAVDvad1tSOsNPLHdeOOz5WCiqiQu9wyXdMuRPFzlqTZsNxNjbzCdg9zwaDGAOVXQEceoO6RZHIW1KELjcZFuxwZWgSOHWs9lD5xJDvzjYicIxgLAjWtsCKwbKX6BWfMnNTUfgogVyG3GE4rlc1QejaojuDec1T7ooJi7Na1XDCkUDFANg7a",
  "scope": "user",
  "token_type": "Bearer",
  "expires_in": 1718080377,
  "refresh_token": "nPUrvQDWqN949ly80jiLOk5Q9oXRuFrZ7GUZvrmbQU2sNBqX5D5RjjB1QJAjKecNpX1HHeRdOMocQ2SDOGU502ehk9lcZzdxqIglX3B3hGivHEqaeddIkU4PwqgBaykLyWkF1hJcS5q4uAvExOgz5RvvhOjMT8tPj1caiG0q4c6HQVKACg7cXZDOD1XK0eVawRaxnvxs05BcEuHrrQRxu4QwzziMUxO2UhhLyJw8iTKkB80ZN6DOMZa5bncWsKM",
  "refresh_token_expires_in": 1718080377,
  "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIxMDAxLTEwMDEtMTcxODA0NDM3NzQ1OCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTAwMCIsInN1YiI6IjEwMDEiLCJhdWQiOiIxMDAxIiwiZXhwIjoxNzE4MDgwMzc3LCJpYXQiOjE3MTgwNDQzNzd9.mAuR3RIp5VsyuUFf0ok8LkxCtWWSLyYI6bZIRX9Cf8wJETuvpdrKFMyMPbizBsPDdO-G_sEMabhoVkze1qUR8GnAB-LhPbclHv0sC1gDCO_ujoamn28dcnIey5qJ3oVHIrMeJaTjznO_pzRY-Nf9IpFl7ZCgs1uVrjyc6rMkpvjZSgUXyZARCe0f_JtCzudtQw0PWcXQdUx0EwQuxIJVluvyx8etn4Vzwz60v4QoFxYq1dV4e5B0-27B65Z-mWmZOwzSqnE3PHaNIr-Z-u_t0iLO-qCNRV76QcWjOe4gc-WSkQxhRJwKPck4L6516USJML05753ew9rIxRIYdBNOQA"
}
Practical example on OAuth2 user password authorization
0) Be sure to check that the authentication settings are set to OAuth2 user password flow
Otherwise, the authorization request will not work. Also make sure that the Client secret basic option is selected in the Client Authorization block. After setting this parameter, do not forget to click the save button.
1) Let's create a new client application in the admin panel
2) Let's find it in the list of registered clients
3) For example, let's create a test user
4) Let's send a POST request to the authorization server at http://localhost:9000/oauth2/token
As a result, we receive an access token.
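The exchange above, reproduced offline as an added example (this is not code from the Friendly OAuth2 Server project): building the Basic client credential and form body the curl command sends, and the checks a client should make on the response before trusting it. The sample id_token is the one from the response above; all function names are this example's own.

```python
"""Offline helpers for the password-grant request and response shown above.
Added example, not part of the Friendly OAuth2 Server project."""
import base64
import json
import urllib.parse

# id_token copied from the sample response above; its payload decodes offline.
SAMPLE_ID_TOKEN = "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIxMDAxLTEwMDEtMTcxODA0NDM3NzQ1OCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTAwMCIsInN1YiI6IjEwMDEiLCJhdWQiOiIxMDAxIiwiZXhwIjoxNzE4MDgwMzc3LCJpYXQiOjE3MTgwNDQzNzd9.mAuR3RIp5VsyuUFf0ok8LkxCtWWSLyYI6bZIRX9Cf8wJETuvpdrKFMyMPbizBsPDdO-G_sEMabhoVkze1qUR8GnAB-LhPbclHv0sC1gDCO_ujoamn28dcnIey5qJ3oVHIrMeJaTjznO_pzRY-Nf9IpFl7ZCgs1uVrjyc6rMkpvjZSgUXyZARCe0f_JtCzudtQw0PWcXQdUx0EwQuxIJVluvyx8etn4Vzwz60v4QoFxYq1dV4e5B0-27B65Z-mWmZOwzSqnE3PHaNIr-Z-u_t0iLO-qCNRV76QcWjOe4gc-WSkQxhRJwKPck4L6516USJML05753ew9rIxRIYdBNOQA"

def basic_auth_header(client_id, client_secret):
    """Join client_id:client_secret and BASE64-encode it (client secret basic)."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def split_basic_credentials(header_value):
    """Inverse of basic_auth_header: what the server does to recover the pair."""
    scheme, _, encoded = header_value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    client_id, _, client_secret = base64.b64decode(encoded).decode().partition(":")
    return client_id, client_secret

def build_token_request(client_id, client_secret, username, password, scope):
    """Headers and urlencoded body of the POST the curl example above sends."""
    headers = {"Authorization": basic_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": "password", "username": username,
                                   "password": password, "scope": scope})
    return headers, body

def decode_jwt_payload(token):
    """Base64url-decode the middle JWT segment. This does NOT verify the RS256
    signature; a real client must check it against the server's jwks.json first."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore padding stripped by base64url
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token_response(resp, expected_iss, expected_aud, now):
    """Client-side checks before trusting the response; returns the id_token claims."""
    if resp.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    claims = decode_jwt_payload(resp["id_token"])
    if claims.get("iss") != expected_iss or claims.get("aud") != expected_aud:
        raise ValueError("id_token issuer/audience does not match this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("id_token expired")
    return claims
```

Note that `aud` in the sample equals the client's numeric id on the server, so the expected audience must be the value the server assigned at registration, not the id-... string used in the Basic header.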
prodmicroservice.com
2024