The flow is meant to be used by an application that can securely store secret keys (your client_secret).

Getting the access_token

You need to use your client_id and client_secret and exchange them for an access_token.

To do that, you just need to send a POST HTTP request to the token URL of your Provider (e.g. https://[providerFQDN]/oauth/token) with the following parameters:
| Parameter | Type | Description |
| --- | --- | --- |
| client_id (required) | string | Your Connect Application client ID |
| client_secret (required) | string | Your Connect Application client secret |
| grant_type (required) | string | Should be client_credentials |
Following this request, you will get a response from Connect containing the following:

- An access_token representing the Authorization for your Application. The received access_token is a JSON Web Token (JWT) and has a validity of one hour.
- A refresh_token that you can use to, as the name implies, refresh an access_token that has expired and get a new pair of access_token/refresh_token.
Note: The length of tokens can vary and exceed 255 characters. Keep that in mind if you want to store them in a database, as a VARCHAR(255) will not be large enough.

Warning: Both the access_token and the refresh_token are sensitive information and should NEVER be shared.
Code Sample

The following code shows how your Application can request an access_token with a client_id and client_secret.

Note: For the sake of clarity, we're using the following node packages: request and jsonwebtoken.

Caution: The following code is not production ready.
// app.js
const request = require("request"); // the `request` package is deprecated; kept here as in the original sample
const jwt = require("jsonwebtoken");

// Read the credentials from the environment instead of hard-coding them in source.
const client_id = process.env.CLIENT_ID;
const client_secret = process.env.CLIENT_SECRET;

const payload = {
  client_id: client_id,
  client_secret: client_secret,
  grant_type: "client_credentials"
};

request.post(
  "https://[providerFQDN]/oauth/token",
  { form: payload },
  function(err, httpResponse, body) {
    if (err || httpResponse.statusCode !== 200) {
      // network failure, or the provider rejected the request (e.g. wrong credentials)
      return;
    }
    const json_response = JSON.parse(body);
    // Verify the JWT signature with the client_secret before trusting any of its claims
    jwt.verify(json_response.access_token, client_secret, function(err, decoded_jwt) {
      if (err !== null) {
        // something went wrong (bad signature, expired token, ...)
      } else {
        // Yay! 🤗 Your application is now authenticated
        // `decoded_jwt` contains the information about the token
      }
    });
  }
);