Forum Discussion

patils27
5 years ago

How To Get OAuth 2.0 Access Token & Refresh Token

 

Hi All,

Below are the steps to get an OAuth 2.0 Access Token & Refresh Token.


To get OAuth 2.0 access, the first step is to get an access code.

How to get the access code:

1) Get the Redirect URL http://xxxx/getAccessToken. (It can be whatever you want, as long as you reference it in the API call.)

2) URL-encode the Client ID and the State to properly format any special characters.

3) Enter the URL-encoded values in the URL below:
https://xxxx/auth/oauth2/authorize?client_id=xxxx&response_type=code&redirect_uri=http://xxxx/getAccessToken&state=xxxx

4) I will then get routed back to my redirect URL with the authorization code shown in the code argument of the query string, as shown below. (I get a “site can’t be reached” message but that’s to be expected since the Redirect URL is just something I made up since it doesn’t need to actually work for my purposes, since it’s just used for authentication. The Redirect URL would only matter if I were actually developing a web app for end-users.)

 

How to get Access Token

POST /auth/accessToken request

curl -X POST \
https://[COMMUNITY DOMAIN]/api/2.0/auth/accessToken \
-H "Content-Type: application/json" \
-H "client-id: [CLIENT ID]" \
-d '{
"client_id":"[CLIENT ID]",
"client_secret":"[CLIENT SECRET]",
"grant_type":"authorization_code",
"redirect_uri":"[REDIRECT URI]",
"code":"[AUTHORIZATION CODE]"
}'


POST /auth/accessToken response

{
  "response": {
    "status": "success",
    "message": "OK",
    "http_code": 200,
    "data": {
      "access_token": "o5IV0yIiNDj/5lNJ6doJh08LX6SsDwtkDXDVmhGvRtI=",
      "expires_in": 86400,
      "lithium_user_id": "2d8c95ed-21dc-4ba6-ab9f-d3eff9c928ce",
      "refresh_token": "XAAWIWKr38W33SlqYooR9OEJW0um9DoyB/o843rdIxk=",
      "token_type": "bearer"
    }
  }
}


Refresh the access token

An access token is valid for 24 hours before it expires. Refresh the token within that time period with a POST call to /auth/refreshToken, passing the refresh_token received in the response from POST /auth/accessToken. Otherwise, the user will go through the authentication flow again.

When you pass the refresh_token, the Authorization Service issues a new access token and (optionally) a new refresh token. Store the new refresh token in case you need it for subsequent refreshes. The refresh token does not expire.


Community Link: https://xxxx/api/2.0/auth/refreshToken

{
  "client_id":"xxxx",
  "client_secret":"xxxxx",
  "grant_type":"refresh_token",
  "refresh_token":"xxxxx"
}

 

Hope this helps.

 

Please refer to the link below for details:

https://developer.khoros.com/khoroscommunitydevdocs/docs/oauth-authorization-grant

 

Thanks & Regards

Sachin Patil
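
Added example (not part of the original post and not Khoros code): a Python sketch of steps 2 to 4 and the accessToken request body, showing the query values being URL-encoded and the returned state being checked before the code is used. The host community.example.com, the redirect URI, the sample client ID, secret and code, and all function names are assumptions made for illustration; nothing is sent over the network.

```python
import hmac
import json
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder values (assumptions): substitute your own community host and app settings.
AUTH_BASE = "https://community.example.com/auth/oauth2/authorize"
REDIRECT_URI = "http://localhost/getAccessToken"


def build_authorize_url(client_id, redirect_uri=REDIRECT_URI):
    """Return (url, state). state is random and must be kept for the callback check."""
    state = secrets.token_urlsafe(32)
    query = urlencode({            # urlencode percent-encodes every value (step 2)
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTH_BASE}?{query}", state


def extract_code(callback_url, expected_state):
    """Pull the authorization code from the redirect, rejecting a mismatched state."""
    params = parse_qs(urlsplit(callback_url).query)
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request_body(client_id, client_secret, code, redirect_uri=REDIRECT_URI):
    """JSON body for POST /api/2.0/auth/accessToken, with the fields shown in the post."""
    return json.dumps({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,
        "code": code,
    })


if __name__ == "__main__":
    url, state = build_authorize_url("my client+id/=")   # constructed sample client ID
    print(url)
    callback = f"{REDIRECT_URI}?code=SAMPLECODE&state={state}"  # constructed callback
    print(token_request_body("my client+id/=", "s3cret", extract_code(callback, state)))
```

The state value returned by build_authorize_url has to be held on the client side between the two steps; a callback whose state does not match it did not come from the request you started.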
