OAuth 2.0 uses Access Tokens and Refresh Tokens to secure access to applications and resources.
Here is the flow:
Obtaining a new OAuth 2.0 access token from a refresh token, for server-side web applications.
When we initially received the access token, it may have included a refresh token as well as an expiration time like in the example below.
{
  "access_token": "AYjcyMzY3ZDhiNmJkNTY",
  "refresh_token": "RjY2NjM5NzA2OWJjuE7c",
  "token_type": "bearer",
  "expires": 3600
}
To use the refresh token, make a POST request to the service’s token endpoint with grant_type=refresh_token, and include the refresh token as well as the client credentials if required.
OAuth API:
POST /oauth/token HTTP/1.1
Host: authorization-server.com
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token
&refresh_token=xxxxxxxxxxx
&client_id=xxxxxxxxxx
&client_secret=xxxxxxxxxx
The response will be a new access token, and optionally a new refresh token, just like you received when exchanging the authorization code for an access token.
{
"access_token": "BWjcyMzY3ZDhiNmJkNTY",
"refresh_token": "Srq2NjM5NzA2OWJjuE7c",
"token_type": "Bearer",
"expires": 3600
}
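The refresh step above as a small client-side token store: an added example, not code from the original post. The `TokenStore` class, the `post(path, body)` transport callback, the 60-second skew and the demo client credentials are assumptions made for illustration; the two sample responses are the ones shown on this page.

```python
import time
from urllib.parse import urlencode, parse_qs

class TokenStore:
    """Keeps the current token pair and refreshes it shortly before expiry."""

    def __init__(self, first_response, client_id, client_secret, post, now=time.time, skew=60):
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.now, self.skew = post, now, skew  # post(path, body) -> dict
        self.refresh_token = None
        self._apply(first_response)

    def _apply(self, resp):
        if "access_token" not in resp:
            raise RuntimeError("refresh failed: %s" % resp.get("error", "no access_token"))
        self.access_token = resp["access_token"]
        # A new refresh token is optional; when one is issued it replaces the old one.
        self.refresh_token = resp.get("refresh_token", self.refresh_token)
        # RFC 6749 names the lifetime "expires_in"; the page's sample uses "expires".
        self.expires_at = self.now() + int(resp.get("expires_in", resp.get("expires", 0)))

    def refresh_body(self):
        # Form-encoded body of the POST to the token endpoint.
        return urlencode({"grant_type": "refresh_token", "refresh_token": self.refresh_token,
                          "client_id": self.client_id, "client_secret": self.client_secret})

    def bearer_header(self):
        if self.now() >= self.expires_at - self.skew:
            if not self.refresh_token:
                raise RuntimeError("access token expired and no refresh token held")
            self._apply(self.post("/oauth/token", self.refresh_body()))
        return {"Authorization": "Bearer " + self.access_token}

# Constructed sample data: the two token responses shown on this page.
FIRST = {"access_token": "AYjcyMzY3ZDhiNmJkNTY", "refresh_token": "RjY2NjM5NzA2OWJjuE7c",
         "token_type": "bearer", "expires": 3600}
SECOND = {"access_token": "BWjcyMzY3ZDhiNmJkNTY", "refresh_token": "Srq2NjM5NzA2OWJjuE7c",
          "token_type": "Bearer", "expires": 3600}

def fake_token_endpoint(path, body):
    """Constructed stand-in for the authorization server so the example runs offline."""
    form = parse_qs(body)
    if form.get("grant_type") == ["refresh_token"] and form.get("refresh_token") == [FIRST["refresh_token"]]:
        return dict(SECOND)
    return {"error": "invalid_grant"}

if __name__ == "__main__":
    clock = [0]
    store = TokenStore(FIRST, "demo-client", "demo-secret", fake_token_endpoint, now=lambda: clock[0])
    print(store.bearer_header())   # first access token, no refresh needed yet
    clock[0] = 3600
    print(store.bearer_header())   # expired: refreshed, refresh token rotated
```

In a real client the `post` callback would send the body over HTTPS with `Content-Type: application/x-www-form-urlencoded`, and the stored refresh token would be persisted each time it is rotated.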
I. Refreshing an access token
II. Making an authorized API request [Authorization: Bearer ACCESS_TOKEN]
After obtaining an access token for a user, your application can use that token to submit authorized API requests on that user's behalf. Specify the access token as the value of the Authorization: Bearer HTTP request header:
GET /youtube/v3/channels?part=id&mine=true HTTP/1.1
Host: www.googleapis.com
Authorization: Bearer ACCESS_TOKEN
Using cURL:
curl -H "Authorization: Bearer ACCESS_TOKEN" "https://www.googleapis.com/youtube/v3/channels?part=id&mine=true"
Note: Basic authentication does not work with a token-based mechanism. Sample below:
// Basic scheme header: not accepted by an endpoint that expects a Bearer token
String encoding = Base64.getEncoder().encodeToString(("pwd").getBytes("UTF-8"));
connection.setRequestProperty("Authorization", "Basic " + encoding);