Hi , We are planning to use " authorization grant flow via a back-end API call ". Could you please let me know the process to get the access token and refresh token after we create API-only user with appropriate permissions ? This is to pull data from lithium community sites and display on some of our other sites. An earliest response will help a lot ! Thanks,Hari

Hi Hari329 the "Authorization Grant" flow is interactive and therefore not suitable for a server to server integration. You could of corse log in manually with the "API user" via the browser and obtain an access and refresh token, and then use these directly, but I don't think this would be suitable for a back-end integration. What I suggest for the time being is to see whether you can use rest V1 in that scenario, for the time being. Thanks,

To clarify my above response, you could also approach this by coding an administrative interface which allows an authorized admin user to link your application via the interactive flow (using the api only account) and then persists the tokens that will be used for the subsequent calls. This would also allow to refresh the tokens if they become invalid and for some reason it's not possible to get a new one via a refresh token etc...

Hi Hari329 I think this is described in the documentation I have linked. Essentially, you have 24 hours to use your refresh token to obtain a new refresh/access token pair. If more time passes, you may need to re-do the initial authentication log-in flow. Re the administrative interface part: I am referring to the "manual" login part - this could be done via an appropriate UI (an administrative interface to obtain valid tokens) rather than completely manually. Cheers,

Hi Hari329 further to the above. The documentation mentions the following Using the authorization grant flow via a back-end API call The authorization grant flow assumes that a web browser is involved during authentication. If you want to use a back-end API call for OAuth, create an API-only user with appropriate permissions to make the API calls. This API-only user must login once through the community using the authorization flow to receive access and refresh tokens. From there on subsequent authenticated, backend API calls can be made using the tokens. What that means is, even if the user will be used for back end calls, they will still need to go trough the standard OAuth interactive exchange for the first login, to make sure that you can get a valid access token and refresh token for that user. The below diagram (from the KB page) depicts the interactive exchange (which is the same used for normal, non API users) At the end of the process (which can be initiated with any suitable HTTP client, manually) you will have obained an access token and a refresh token and you can then store them in your application for subsequent calls. SuzieH - it looks like our KB page may need some more detail to avoid confusion around this manual step required for backend users. Is that something you can help with? Thanks,

PaoloT and Hari329 I added more detail to the section in the OAuth 2.0 documentation describing how to use the API user for back-end calls with OAuth 2.0.

Using the authorization grant flow via a back-end API call

14 Replies

SuzieH
Khoros Alumni (Retired)
10 years ago
PaoloT and Hari329 I added more detail to the section in the OAuth 2.0 documentation describing how to use the API user for back-end calls with OAuth 2.0.
Hari329
Adept
10 years ago
Hi ,

Thanks a lot for clarifications and updating documentation. Below is summary of our understanding :

Obtaining access and refresh key is one time process which can be achieved by manual log in process.
Once we obtain these keys using this manual log in process , refresh key can be used for subsequent calls for retrieving data as refresh key will never expire.

Please correct me if any one if above statement is wrong.

I have tried to obtain access and refresh tokens in below way :

Accessed our community site
Loged in using Sign In option available

Used my credentials which were granted with API-only permissions to sign in. Below is screenshot after sign in :

I couldn’t see any option/link to retrieve access and refresh tokens.

Could you please correct me If I am doing wrong process here ? And also please point me from where I can request for access and refresh token.

And also as per documentation (Request authorization section of - http://community.lithium.com/t5/Community-API-v2/OAuth-2-0-authorization-grant-flow/ta-p/138402#getAuthorizationcode), I have tried below process to retrieve authorization code :

https://www.rbs-communities.co.uk/auth/oauth2/authorize?client_id=wPfOkT3FhtL6ZZTFCzWGajoUXC4hUbtAtF1h/Y4ck8w=&response_type=code&redirect_uri=www.rbs-communities.co.uk/getaccesstoken

But seeing below error :

Its mentioned that he redirect_uri used in the authorization request must match the callback URL defined for the community. Who will be providing this ?
eurcew
Contributor
10 years ago
I'm experiencing pretty much the same issue with a similar error page but a slightly different code.

I submit this

http://communities-lithiumstage.sas.com/auth/oauth2/authorize?client_id=<client-id>=&response_type=code&redirect_uri=http://communities-lithiumstage.sas.com/getaccesstoken

An Unexpected Error has occurred. - SAS Support Communities
Your request failed. Please contact your system administrator and provide the date and time you received the error and this Exception ID: 3336769F.
Click your browser's Back button to continue.
AdamN
Khoros Oracle
10 years ago
For anyone experiencing the "An Unexpected Error has occurred", please double check that your query string values are URL encoded. client_id and redirect_uri both contain characters that need to be encoded.

If you’re testing outside of a coding environment, this tool might be handy:

http://meyerweb.com/eric/tools/dencoder/

Forum Discussion

Using the authorization grant flow via a back-end API call

14 Replies

Related Content

Aurora: Add co-authors to blog posts

Aurora: Remove co-authors from blog posts

503 - Service unavailable back-end server is at capacity

How to Use Atlas

Help Us Help You!

Recent Discussions

How to fetch all labels associated with TkbArticlePage and count how many times each label is used

In Aurora, add additional <script> and <meta> tags

Setup content filter for arabic language

24.10 API change breaks navigation

How to create/subscribe the Webhook in Aurora