Obtaining an access token

To get an access token, we call the authorization server (http://localhost:8080/oauth/token), providing the client authentication details in the basic authentication mode and the user credentials as part of the form data. The following screenshot shows how we can configure the client authentication details in basic authentication:

The following screenshot shows how to configure the user authentication details as part of the POST parameters:

We set grant_type to password, indicating that we are sending the user authentication details to get the access token. When we execute the request, we get a response similar to the one shown in the following code snippet:

    {
        "access_token": "a633dd55-102f-4f53-bcbd-a857df54b821",
        "token_type": "bearer",
        "refresh_token": "d68d89ec-0a13-4224-a29b-e9056768c7f0",
        "expires_in": 43199,
        "scope": "openid"
    }

Here are a couple of important details:

  • access_token: The client application can use the access token to authenticate further API calls. However, the access token will expire, typically in a very short time period.
  • refresh_token: The client application can submit a new request to the authentication server with the refresh_token to get a new access_token.
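The request and response described above can also be reproduced without a GUI client. The following Python sketch is an added example, not code from the book: it builds (without sending) the password-grant and refresh-token requests for the token endpoint and converts `expires_in` into an absolute deadline. The client ID, client secret, username and password used with it are placeholders, and the function names and the 30-second refresh margin are assumptions.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "http://localhost:8080/oauth/token"  # endpoint named in the text

# The sample response shown in the text, embedded so the example runs offline.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "a633dd55-102f-4f53-bcbd-a857df54b821",
    "token_type": "bearer",
    "refresh_token": "d68d89ec-0a13-4224-a29b-e9056768c7f0",
    "expires_in": 43199,
    "scope": "openid",
})

def token_request(client_id, client_secret, form):
    """Build a POST: client credentials as HTTP Basic, grant data as form fields."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_URL,
        data=urllib.parse.urlencode(form).encode(),
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )

def password_grant(client_id, client_secret, username, password):
    # The user's credentials travel in the body; use HTTPS outside localhost.
    return token_request(client_id, client_secret, {
        "grant_type": "password", "username": username, "password": password})

def refresh_grant(client_id, client_secret, refresh_token):
    return token_request(client_id, client_secret, {
        "grant_type": "refresh_token", "refresh_token": refresh_token})

def parse_token_response(body, now=None):
    """Check the response shape and record when the access token expires."""
    doc = json.loads(body)
    if doc.get("token_type", "").lower() != "bearer" or "access_token" not in doc:
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    doc["expires_at"] = now + int(doc["expires_in"])
    return doc

def needs_refresh(token, now=None, margin=30):
    """True once the token is within `margin` seconds of expiry."""
    now = time.time() if now is None else now
    return now >= token["expires_at"] - margin
```

To send a request against a running authorization server, pass the returned object to `urllib.request.urlopen` and feed the response body to `parse_token_response`.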