Advanced Rest Client with OAuth2orize
For this to work you will need to install the Advanced Rest Client for some of these steps. Of course you will need to install OAuth2orize as well.
Run the oauth2orize provider/server example which does server-side OAuth flow:
cd oauth2orize\examples\express2
node app.js
If you open your browser and go to:
http://localhost:3000
You should see the plain text of
OAuth 2.0 Server
which means it's up and running
Put this directly into your browser
http://localhost:3000/dialog/authorize?redirect_uri=http://localhost:3000&response_type=code&client_id=abc123
You should then get back decision option. The decision option will have the text and two buttons of
Hi Bob Smith!
Samplr is requesting access to your account.
Do you approve?
[Allow] [Deny]
Click the [Allow] button and you will be redirected back to your above redirect_uri with the code attached as a query parameter like so
http://localhost:3000/?code=7HMEo1VA1xVS6EkJ
That's your authorization code. You will need to exchange that for a token. Go to your Advanced Rest Client and do a POST using the URL of
http://localhost:3000/oauth/token
The Raw payload of:
code=7HMEo1VA1xVS6EkJ&redirect_uri=http://localhost:3000&client_id=abc123&client_secret=ssh-secret&grant_type=authorization_code
And set your content-type to: application/x-www-form-urlencoded
Then you'll get back your token which will look like this:
{
access_token: "nvhxw0MQf9CPbT2fr8FN4uUvGCSmCE2MiTIo14mniaaI5lJiLUwhs1OJc1d6blyJVFfPjlyFX0BhmCgJicpCdfoxJPbsYzl34FLKQDfRjC4uB9F9LlPoMmRrd98g8HN1pqCs6LYMNV24QXfvar87bSKx8f1K5F1gyWsgHbiaa9DpyHNC0NmaXz1ojDprw0aCfGlbZ6osvMng9tTWR1LmegtEJrHslPvRIq0CPXiS2l81VPAPNLUgDYivSnzEY0q7"
token_type: "bearer"
}
From there you exchange that for access to a resource. We'll access the api/userinfo resource. In your Advanced Rest Client use this URL with GET:
http://localhost:3000/api/userinfo
In the header section add the key of Authorization with the value of your access_token. It will look like this in Raw
Authorization: Bearer nvhxw0MQf9CPbT2fr8FN4uUvGCSmCE2MiTIo14mniaaI5lJiLUwhs1OJc1d6blyJVFfPjlyFX0BhmCgJicpCdfoxJPbsYzl34FLKQDfRjC4uB9F9LlPoMmRrd98g8HN1pqCs6LYMNV24QXfvar87bSKx8f1K5F1gyWsgHbiaa9DpyHNC0NmaXz1ojDprw0aCfGlbZ6osvMng9tTWR1LmegtEJrHslPvRIq0CPXiS2l81VPAPNLUgDYivSnzEY0q7s
You should then get back your user id like so:
{
user_id: "1"
name: "Bob Smith"
scope: "*"
}
And there you go, Enjoy!
Thanks a lot!