Comment: Updated using 4PSA automated script

...

| Name | Required | Description |
|---|---|---|
| response_type | Yes | Always set to code. |
| redirect_uri | Yes | URI where the system sends the response. |
| client_id | Yes | App Key as generated by the system at registration time. |
| state | No, but recommended | Parameter to be used by the App to verify if the response received from the system is valid. From the point of view of the server, it does not matter how the state parameter is generated. |

The example below demonstrates how to make a POST request to the authorization endpoint:

...

App receives an authorization code. If the user has been granted access to the App, the system will redirect him/her to the URI specified in the redirect_uri parameter. The system uses the HTTP GET method to make the request to the App's endpoint:

...

| Name | Required | Description |
|---|---|---|
| grant_type | Yes | Always set to authorization_code. |
| code | Yes | The code received in STEP 4. |
| redirect_uri | Yes | URI where the system returns the response. |
| client_id | Yes | App Key as generated by the system at registration time. |
| client_secret | Yes | App Secret as generated by the system at registration time. |
| state | No, recommended | Parameter to be used by the App to verify if the response received from the system is valid. From the point of view of the server, it does not matter how the state parameter is generated. |

The example below demonstrates how to make a POST request to the token endpoint:

...

HTTP Response
HTTP/1.1 200 OK
...

{
 "access_token":"1|5~2wKMPg9h~GExN3s01-7wX2XmLI_Xbz|1|1345716093|O_XQYdHR0P-xMvqbVsh_OwRH7GT4.FtR",
 "expires_in":7200,
 "token_type":"Bearer",
 "refresh_token":"9_s2TBCQ1y.PPzVNXkT-Gff6tB9z_bqr",
 "state":"appstate"
 } 

The response parameters are:

| Name | Description |
|---|---|
| access_token | Value of the access token. This value is used when making requests to APIs. |
| expires_in | Period of time, in seconds, during which the token is valid. |
| token_type | The type of the token. Only Bearer is possible. |
| refresh_token | Refresh token that can be used to regenerate the token once expired. |
| state | State parameter as received in the request. |
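
The state check this flow relies on, as an added example that is not part of the original documentation: the App generates an unguessable state, verifies it on the redirect, and verifies it again in the token response. The credentials, redirect URI and helper names are constructed for illustration, and the redirect is assumed to carry code and state as query parameters, as in standard OAuth 2.0.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for this example (assumptions, not from the page).
CLIENT_ID = "example-app-key"
CLIENT_SECRET = "example-app-secret"
REDIRECT_URI = "https://app.example.com/oauth/callback"


def new_state() -> str:
    """Unguessable per-login value; keep it in the user's server-side session."""
    return secrets.token_urlsafe(32)


def same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def code_from_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code only if the callback echoes our state."""
    query = parse_qs(urlsplit(callback_url).query)
    # Assumption: the redirect carries `code` and `state` as query parameters.
    if not expected_state or not same(query.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: callback does not belong to this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback must carry exactly one code")
    return codes[0]


def token_request_body(code: str, state: str) -> str:
    """application/x-www-form-urlencoded body for the token endpoint."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                      "client_secret": CLIENT_SECRET, "state": state})


def check_token_response(resp: dict, expected_state: str) -> str:
    """Validate the JSON token response and return the access token."""
    if resp.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    if not same(str(resp.get("state", "")), expected_state):
        raise ValueError("state mismatch in token response")
    return resp["access_token"]
```

Because the server does not care how state is generated, its strength depends entirely on the App: a fixed or guessable value would pass the server but give no protection against a forged callback.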

...

Note
We advise you to use this flow only if you trust the App requesting authorization. Trusted Apps can be added as described in Register App documentation.

Step 1

The App requests an access_token. It makes an HTTP POST request to the token endpoint located at https://<hostname>/oauth/token.php. The request is made by adding the following parameters to the body of the request, using the application/x-www-form-urlencoded format. In the table below you can find the Request Parameters:

| Name | Required | Description |
|---|---|---|
| grant_type | Yes | Always set to client_credentials. |
| redirect_uri | Yes | URI where the system returns the response. |
| client_id | Yes | App Key as generated by the system at registration time. |
| client_secret | Yes | App Secret as generated by the system at registration time. |
| state | No, recommended | Parameter to be used by the App to verify if the response received from the system is valid. From the point of view of the server, it does not matter how the state parameter is generated. |

Step 2

App receives the access token. The response is similar to the response received in the previous flow. The only difference is that no refresh_token is generated. When the token expires, the App must request to authorize with the system again, by repeating the step above.


...

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.