Using an OAuth token

<< Click to Display Table of Contents >>

Navigation:  Octopus Webservice > Demo Application >

Using an OAuth token

 Previous pageReturn to chapter overviewNext page

Octopus implements an OAuth token authorization and authentication.

 

Authorize Step

 

 To retrieve an authorization code you need to provide the following parameters:

scope : webservice
response_type : code
client_id : This is the software house identification assigned
redirect_uri : This is the redirect uri that was given when registering the software house.
state : The state parameter is used by the application to store request-specific data and/or prevent CSRF attacks. The authorization server will return the unmodified state value back to the application.

 

The url for the authorization is : https://service.inaras.be/octopus-oauth/authorize

 

The user will be redirected to a login screen to enter their octopus credentials.

 

oauth_login

 

In case the user hasn't given authorization to allow the third party application to communicate with the webservice the following screen will be shown

 

oauth_grant_permission

 

Where 'Inaras' will be replaced by the name of the software company used when registrating the software house.

 

You are redirected to the redirect_uri with a parameter code, which contains the authorization code. This code is valid for 5 minutes.

 

Token retrieval

 

To retrieve an access token from an authorization code, you will need to POST the following parameters:

grant_type : authorization_code
client_id : Software house identification
code : the authorization code received from the previous step

 

This will return a JSON structure with an access token, valid for 10 minutes and refresh token valid for 60 days.

 

To retrieve an access token from an refresh token, you will need to POST the following parameters:

grant_type : refresh_token
client_id : Software house identification
refresh_token : The refresh token acquired by a previous token retrieval with an authorization code.

 

This will return a JSON structure with an access token, valid for 10 minutes and a new refresh token valid for 60 days.

 

The url for token retrieval is https://service.inaras.be/octopus-oauth/token