Skip to content

Instantly share code, notes, and snippets.

@IskenHuang

IskenHuang/AdvancedRestClientOAuth2orize.md

Forked from FrankHassanabad/AdvancedRestClientOAuth2orize.md
Created July 18, 2013 14:41
Show Gist options
  • Save IskenHuang/6029886 to your computer and use it in GitHub Desktop.
Save IskenHuang/6029886 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
AdvancedRestClientOAuth2orize.md

Advanced Rest Client with OAuth2orize

For this to work you will need to install the Advanced Rest Client for some of these steps. Of course you will need to install OAuth2orize as well.

Run the oauth2orize provider/server example which does server-side OAuth flow:

cd oauth2orize\examples\express2
node app.js

If you open your browser and go to:

http://localhost:3000

You should see the plain text of

OAuth 2.0 Server

which means it's up and running

Authorization Code Grant Example

Put this directly into your browser

http://localhost:3000/dialog/authorize?redirect_uri=http://localhost:3000&response_type=code&client_id=abc123

You should then get back decision option. The decision option will have the text and two buttons of

Hi Bob Smith!

Samplr is requesting access to your account.

Do you approve?
[Allow] [Deny]

Click the [Allow] button and you will be redirected back to your above redirect_uri with the code attached as a query parameter like so

http://localhost:3000/?code=7HMEo1VA1xVS6EkJ

That's your authorization code. You will need to exchange that for a token. Go to your Advanced Rest Client and do a POST using the URL of

http://localhost:3000/oauth/token

The Raw payload of:

code=7HMEo1VA1xVS6EkJ&redirect_uri=http://localhost:3000&client_id=abc123&client_secret=ssh-secret&grant_type=authorization_code

And set your content-type to: application/x-www-form-urlencoded

Then you'll get back your token which will look like this:

{
access_token: "nvhxw0MQf9CPbT2fr8FN4uUvGCSmCE2MiTIo14mniaaI5lJiLUwhs1OJc1d6blyJVFfPjlyFX0BhmCgJicpCdfoxJPbsYzl34FLKQDfRjC4uB9F9LlPoMmRrd98g8HN1pqCs6LYMNV24QXfvar87bSKx8f1K5F1gyWsgHbiaa9DpyHNC0NmaXz1ojDprw0aCfGlbZ6osvMng9tTWR1LmegtEJrHslPvRIq0CPXiS2l81VPAPNLUgDYivSnzEY0q7"
token_type: "bearer"
}

From there you exchange that for access to a resource. We'll access the api/userinfo resource. In your Advanced Rest Client use this URL with GET:

http://localhost:3000/api/userinfo

In the header section add the key of Authorization with the value of your access_token. It will look like this in Raw

Authorization: Bearer nvhxw0MQf9CPbT2fr8FN4uUvGCSmCE2MiTIo14mniaaI5lJiLUwhs1OJc1d6blyJVFfPjlyFX0BhmCgJicpCdfoxJPbsYzl34FLKQDfRjC4uB9F9LlPoMmRrd98g8HN1pqCs6LYMNV24QXfvar87bSKx8f1K5F1gyWsgHbiaa9DpyHNC0NmaXz1ojDprw0aCfGlbZ6osvMng9tTWR1LmegtEJrHslPvRIq0CPXiS2l81VPAPNLUgDYivSnzEY0q7s

You should then get back your user id like so:

{
user_id: "1"
name: "Bob Smith"
scope: "*"
}

And there you go, Enjoy!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment