OAuth2 Building Block

The OAuth2 building block supports the resource owner password credentials flow (i.e. the password grant) with the OAuth provider. The following actions are possible: obtain an access token and refresh it when it has expired, get information about the token, and get information about the resource owner.

For more information please see the OAuth2 Bible.

GET methods

GET /oauth/token/info

Ask the OAuth provider for information about the access_token.

Request JSON Object:
 
  • access_token (string) – access token obtained from the user
Response JSON Object:
 
  • resource_owner_id (string) – UUID of the user
  • expires_in_seconds (integer) – access_token expiry in seconds
  • application (hash) – Application that was used to log in the user; null if the user authenticated directly with the OAuth provider
  • created_at (integer) – time of creation of access_token
Response JSON Array of Objects:
 
  • scopes (string) – scopes granted to the token; currently not used, but intended for authorization (i.e. what information can be accessed with this token)
Status Codes:

Example request:

GET /oauth/token/info?access_token=9b3dbc64a7b6ef4c5e2f9b0c8a6323c35fcb945e63f858fb748e51e5c92df2dd HTTP/1.1
Host: auth.facts4.work

Example response:

HTTP/1.1 200 OK
Content-type: application/json

{
  "resource_owner_id": "8a1621de-1ee0-4007-a7f4-630d35d34883",
  "scopes": [],
  "expires_in_seconds": 19026,
  "application": {
    "uid": null
  },
  "created_at": 1478251199
}

GET /oauth/token/me

Ask the OAuth provider for information about the resource owner of the access_token.

Request JSON Object:
 
  • access_token (string) – access token obtained from the user
Response JSON Object:
 
  • id (string) – UUID of the user
  • email (string) – Email of the user
  • created_at (string) – Time of creation of the user
  • updated_at (string) – Last time the user was updated
  • username (string) – Username used for login purposes
  • admin (string) – Whether the user has admin privileges in the OAuth BB (creation of applications, etc.)
Status Codes:

Example request:

GET /oauth/token/me?access_token=9b3dbc64a7b6ef4c5e2f9b0c8a6323c35fcb945e63f858fb748e51e5c92df2dd HTTP/1.1
Host: auth.facts4.work

Example response:

HTTP/1.1 200 OK
Content-type: application/json

{
  "id": "3dcd5388-a8f0-44e1-9cc2-74d84e33173e",
  "email": "demo@facts4.work",
  "created_at": "2016-10-21T15:21:40.687Z",
  "updated_at": "2016-10-28T14:49:58.661Z",
  "username": "demo",
  "admin": true
}

POST methods

POST /oauth/token

Ask the OAuth provider for an access_token through the password grant (or refresh an existing one through the refresh token grant).

Request JSON Object:
 
  • username (string) – username of the resource owner (password grant type)
  • password (string) – password of the resource owner (password grant type)
  • refresh_token (string) – refresh_token given when access_token was obtained (refresh token grant type)
  • grant_type (string) – password when obtaining a new access_token, or refresh_token when refreshing an existing one
Response JSON Object:
 
  • access_token (string) – a valid access_token that can be used to access other APIs
  • token_type (string) – type of token (should be “bearer”)
  • expires_in (integer) – access_token expiry in seconds
  • refresh_token (string) – a valid refresh_token that can be used to refresh an expired access_token
  • created_at (integer) – time of creation of access_token
Status Codes:

Example request:

POST /oauth/token HTTP/1.1
Host: auth.facts4.work
Content-Type: application/x-www-form-urlencoded

username=user&password=secret&grant_type=password

Example response:

HTTP/1.1 200 OK
Content-type: application/json

{
  "access_token": "02afb0be3b38a5673b70cf71fa0d595e841864706ad9e57be5828a3e94f6fefe",
  "token_type": "bearer",
  "expires_in": 4785,
  "refresh_token": "e54719d3c091fb7ea27405391e926de6373677d76c51a901c7918bb48e1a18a6",
  "created_at": 1454622937
}

Example request:

POST /oauth/token HTTP/1.1
Host: auth.facts4.work
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=e54719d3c091fb7ea27405391e926de6373677d76c51a901c7918bb48e1a18a6

Example response:

HTTP/1.1 200 OK
Content-type: application/json

{
  "access_token": "36446bcb15e8452efde85826577e0403d1d3a95f84d5d93087d0b7eaaf032557",
  "token_type": "bearer",
  "expires_in": 43200,
  "refresh_token": "f24dc19f77a9f1a9a2a74cdd9925c4eeec110cecfdc5ff8374548aef55dd7fcf",
  "created_at": 1454661432
}
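As an added example (not code from the OAuth2 building block itself), a small Python client for the password and refresh_token grants described above: it keeps the token set returned by POST /oauth/token, derives the absolute expiry from created_at + expires_in, and issues the refresh grant transparently before the access_token lapses. The transport and clock are injectable, and demo() exercises the flow offline against a constructed stand-in provider that rotates refresh tokens; the host name is the one from the page's examples, everything else is assumed.

```python
import json
import time
import urllib.parse
import urllib.request

AUTH_BASE = "https://auth.facts4.work"   # host used in the page's examples

def post_form(base, path, fields):
    """Default transport: form-encoded POST to the provider, JSON body back."""
    req = urllib.request.Request(base + path, data=urllib.parse.urlencode(fields).encode(),
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())

class TokenClient:
    """Keeps the token set from POST /oauth/token; `post` and `clock` are injectable for offline use."""
    def __init__(self, base=AUTH_BASE, post=post_form, clock=time.time, skew=60):
        self.base, self.post, self.clock, self.skew, self.token = base, post, clock, skew, None

    def login(self, username, password):
        self.token = self.post(self.base, "/oauth/token", {"grant_type": "password",
                                                           "username": username, "password": password})
        return self.token

    def expired(self):
        # created_at + expires_in is the absolute expiry (epoch seconds); refresh `skew` seconds early
        return self.clock() >= self.token["created_at"] + self.token["expires_in"] - self.skew

    def access_token(self):
        if self.expired():
            # refresh grant: the provider hands back a new refresh_token, so replace the whole set
            self.token = self.post(self.base, "/oauth/token", {"grant_type": "refresh_token",
                                                               "refresh_token": self.token["refresh_token"]})
        return self.token["access_token"]

def demo():
    state = {"now": 1454622937, "issued": 0}   # created_at taken from the page's first example response

    def fake_post(base, path, fields):         # constructed stand-in for the real /oauth/token endpoint
        if fields["grant_type"] == "refresh_token":   # only the most recently issued refresh token is valid
            assert fields["refresh_token"] == f"refresh-{state['issued']}"
        state["issued"] += 1
        return {"access_token": f"access-{state['issued']}", "token_type": "bearer",
                "expires_in": 4785, "refresh_token": f"refresh-{state['issued']}",
                "created_at": state["now"]}

    client = TokenClient(post=fake_post, clock=lambda: state["now"])
    client.login("user", "secret")
    first = client.access_token()      # still valid: no refresh issued
    state["now"] += 4785               # expires_in seconds have elapsed
    second = client.access_token()     # refresh grant issued transparently
    return first, second, client.token["refresh_token"]   # returns ("access-1", "access-2", "refresh-2")
```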