Create a token using OAuth

OAuth is an open standard for authorization. OAuth allows one program to authorize another program to make changes on behalf of an account holder or end user.

Grant flows

Our OAuth 2 implementation supports the following grant flows from RFC 6749 (https://tools.ietf.org/html/rfc6749):

  • Implicit
  • Resource Owner Password Credentials

Implicit grant

Useful for browser-based operations without server-side back end support. This grant type requests authorization by directing the browser to:

https://marketingcontenthub/site/oauth2/authorize?client_id={key}&response_type=token
  • client_id (required): The unique id for the client application.
  • response_type (required): Value must be set to "token".

That will redirect to the callback URL with a fragment containing the access token (#access_token={token}&token_type=bearer) where your page's JavaScript can pull it out of the URL.
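The fragment handling described above, as an added example rather than code from the product: it parses the callback fragment, rejects error responses and non-bearer token types, and clears the fragment so the token does not stay in the address bar or browser history. The function names are hypothetical; the optional expires_in parameter comes from RFC 6749, and the one-hour fallback is the access-token lifetime this page states.

```javascript
// Added example, not the product's own code; all function names are hypothetical.
// Fallback lifetime: this page states that access tokens expire in one hour.
const DEFAULT_LIFETIME_SECONDS = 3600;

// Parse "#access_token=...&token_type=bearer" (the leading "#" is optional).
function parseTokenFragment(fragment, nowMs = Date.now()) {
  const params = new URLSearchParams(fragment.replace(/^#/, ""));
  // RFC 6749 section 4.2.2.1: a failed request returns error=... in the fragment.
  if (params.has("error")) {
    throw new Error("authorization failed: " + params.get("error"));
  }
  const accessToken = params.get("access_token");
  if (!accessToken) throw new Error("no access_token in fragment");
  // token_type is case-insensitive; accept only the bearer type this page documents.
  const tokenType = (params.get("token_type") || "").toLowerCase();
  if (tokenType !== "bearer") {
    throw new Error("unexpected token_type: " + (tokenType || "(missing)"));
  }
  // expires_in is optional in RFC 6749; fall back to the documented lifetime.
  const expiresIn = Number.parseInt(params.get("expires_in"), 10);
  const lifetime = expiresIn > 0 ? expiresIn : DEFAULT_LIFETIME_SECONDS;
  return { accessToken, expiresAt: nowMs + lifetime * 1000 };
}

// Header object for fetch() or XMLHttpRequest, in the "Authorization: Bearer" form.
function authorizationHeader(token) {
  return { Authorization: "Bearer " + token.accessToken };
}

// True once the token's lifetime has elapsed, so the caller can re-authorize
// before the API starts answering with 401.
function isExpired(token, nowMs = Date.now()) {
  return nowMs >= token.expiresAt;
}

// Browser only: read the token, then drop the fragment so the token is not
// left in the address bar, in history entries, or in a copied URL.
function consumeTokenFromLocation() {
  const token = parseTokenFragment(window.location.hash);
  history.replaceState(null, "", window.location.pathname + window.location.search);
  return token;
}
```

Call consumeTokenFromLocation() once when the callback page loads and keep the returned object in memory rather than writing it back into the URL.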

Resource owner password credentials grant

The resource owner password credentials (i.e., username and password) can be used directly as an authorization grant to obtain an access token.

$ curl -X POST -u "client_id:secret" \
 http://marketingcontenthub/oauth/token \
 -d grant_type=password -d username={username} -d password={password}
  • client_id (required): The unique id for the client application specified when creating the client entity.
  • secret (required): The client secret specified when creating the client entity.
  • username (required): The username of the user to log in with.
  • password (required): The password of the user to log in with.

Making requests

Once you have an access token, you can include it in the "Authorization" request header:

Authorization: Bearer {access_token}

Refresh tokens

Our access tokens expire in one hour. When this happens you'll get 401 responses. The "authorization code grant" and "resource owner password credentials" grants therefore include a refresh token that can then be used to generate a new access token:

$ curl -X POST -u "client_id:secret" \
 http://marketingcontenthub/oauth/token \
 -d grant_type=refresh_token -d refresh_token={refresh_token}
