Unable to get authorization code using V2 oauth2
I'm trying to call Community API v2 in order to:
1. Get an authorization code
2. Which can be used to request access tokens
3. Later be able to make request to v2 API passing the access token as Bearer.
All this following the instructions in the OAuth 2.0 authorization grant flow document.
Instructions seems pretty straightforward:
1. Make a GET call to the authorize endpoint (I'm using Paw REST client). Making notice that I'm, including both header and url parameter with the client ID which I already created at community admin. I didn't included a redirect url, because I don't need it, this is intended to be a Backend call.
GET /auth/oauth2/authorize?client_id=COMPANY-CLIENT-ID%3D%3D&response_type=code HTTP/1.1 client-id: COMPANY-CLIENT-ID== Host: www.stg.company.com Connection: close User-Agent: Paw/3.1.4 (Macintosh; OS X/10.12.6) GCDHTTPRequest
2. After this call I should get in return as the doc textually says:
After you call the authorization endpoint, redirect the member to your client application with the authorization code and tenant ID returned with the response to complete the request.
At this point my request does not return what is expected, instead I'm getting 302 Found response, with the below headers.
HTTP/1.1 302 Found Server: Apache X-Frame-Options: SAMEORIGIN Set-Cookie: LiSESSIONID=SOME-SESSION_ID; Path=/; Secure; HttpOnly Set-Cookie: LithiumVisitor=~SOME_COOKIE~VALUE..; Expires=Mon, 13-Sep-2027 21:30:07 GMT; Path=/; HttpOnly Location: https://www.stg.company.com/?response_type=code&redirect_uri=https%3A%2F%2Fwww.stg.company.com%2F%2F&client_id=6XmMCgSBjYo%2F8boYwsEdICuK3O%2FvA5U6Huf%2FjE2kNxw%3D Via: 1.1 varnish Fastly-Debug-Digest: 0e18909eb3f76f7dad7f8262a3c3ed27d2e751a77b5cdad6f72b85e51b13fdb5 Strict-Transport-Security: 608400 Content-Length: 0 Accept-Ranges: bytes Date: Fri, 15 Sep 2017 21:30:07 GMT Via: 1.1 varnish Age: 0 Connection: close X-Served-By: cache-sjc3125-SJC, cache-dfw18639-DFW X-Cache: MISS, MISS X-Cache-Hits: 0, 0 X-Timer: S1505511008.567881,VS0,VE62 Access-Control-Allow-Origin: https://www.stg.company.net
So I'm not even able complete this first step successfully. Any suggestion about what am I missing?