211 lines
8.9 KiB
HTML
211 lines
8.9 KiB
HTML
<!doctype html>
|
|
<html>
|
|
<head>
|
|
<title>ProcessMaker Oauth2 Server</title>
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
|
|
<!-- Style sheets -->
|
|
<link rel="stylesheet" type="text/css" href="/assets/css/pure-min.css">
|
|
<link rel="stylesheet" href="/assets/css/base-min.css">
|
|
<link rel="stylesheet" type="text/css" href="/assets/css/grids-responsive-min.css">
|
|
<script type="text/javascript" src="/assets/js/jquery.min.js"></script>
|
|
<link rel="stylesheet" type="text/css" href="/assets/css/oauth2.css">
|
|
</head>
|
|
<body>
|
|
<div id="layout" class="pure-g">
|
|
<div class="sidebar pure-u-1 pure-u-md-1-4">
|
|
<div class="header">
|
|
<hgroup>
|
|
<h2 class="brand-title">ProcessMaker</h2>
|
|
<h3 class="brand-tagline">Authorization Server</h3>
|
|
<h4 class="brand-tagline">OAuth v2</h4>
|
|
</hgroup>
|
|
|
|
<!--<nav class="nav">
|
|
<ul class="nav-list">
|
|
<li class="nav-item">
|
|
<a class="pure-button" href="#">AAA</a>
|
|
</li>
|
|
<li class="nav-item">
|
|
<a class="pure-button" href="#">BBB</a>
|
|
</li>
|
|
</ul>
|
|
</nav>-->
|
|
</div>
|
|
</div>
|
|
|
|
<div class="content pure-u-1 pure-u-md-3-4">
|
|
<div>
|
|
<!-- A wrapper for all the blog posts -->
|
|
<div class="posts">
|
|
<h1 class="content-subhead">Authorization Code</h1>
|
|
<section class="post">
|
|
<header class="post-header">
|
|
<h2 class="post-title">Authorization Code</h2>
|
|
|
|
<p class="post-meta">
|
|
See RFC <a href="http://tools.ietf.org/html/rfc6749#section-4.1" target="_blank" class="post-author">Authorization Code Grant</a>
|
|
</p>
|
|
</header>
|
|
|
|
<div class="post-description">
|
|
<p>
|
|
The authorization code grant type is used to obtain both access tokens and refresh tokens and is optimized for
|
|
confidential clients.<br/>
|
|
|
|
<ol>
|
|
<li>
|
|
Register the application
|
|
<pre>
|
|
GET {$host}/{$workspace}/oauth2/apps</pre>
|
|
</li>
|
|
<li>
|
|
Request Authorization
|
|
<pre>
|
|
GET {$host}/{$workspace}/oauth2/authorize?response_type=code&client_id={literal}{the-client-id}{/literal}&scope=*</pre>
|
|
</li>
|
|
<li>
|
|
Exchange Authorization code by an Access Token.
|
|
|
|
<pre>
|
|
POST {$host}/{$workspace}/oauth2/token
|
|
Authorization: Basic eC1wbS1sb2NhbC1jbGllbnQ6MTc5YWQ0NWM2Y2UyY2I5N2NmMTAyOWUyMTIwNDZlODE=
|
|
|
|
grant_type=code&
|
|
code={literal}{the-authorization-code}{/literal}
|
|
</pre>
|
|
</li>
|
|
</ol>
|
|
|
|
|
|
<p><a id="authcode" href="{$auth_code_link}">{$auth_code_link}</a></p>
|
|
</p>
|
|
</div>
|
|
</section>
|
|
|
|
<h1 class="content-subhead">Implicit Grant</h1>
|
|
<section class="post">
|
|
<header class="post-header">
|
|
<h2 class="post-title">Implicit Grant</h2>
|
|
|
|
<p class="post-meta">
|
|
See RFC <a href="http://tools.ietf.org/html/rfc6749#section-4.2" target="_blank" class="post-author">Implicit Grant</a>
|
|
</p>
|
|
</header>
|
|
|
|
<div class="post-description">
|
|
<p>
|
|
The implicit grant type is used to obtain access tokens (it does not support the issuance of refresh tokens) and
|
|
is optimized for public clients known to operate a particular redirection URI.
|
|
|
|
<pre>GET {$host}/{$workspace}/oauth2/authorize?response_type=token&client_id={literal}{the-client-id}{/literal}&scope=*</pre>
|
|
</div>
|
|
</section>
|
|
|
|
<h1 class="content-subhead">Resource Owner Password Credentials</h1>
|
|
<section class="post">
|
|
<header class="post-header">
|
|
<h2 class="post-title">Resource Owner Password Credentials</h2>
|
|
|
|
<p class="post-meta">
|
|
See RFC <a href="http://tools.ietf.org/html/rfc6749#section-4.3" target="_blank" class="post-author">Resource Owner Password Credentials</a>
|
|
</p>
|
|
</header>
|
|
|
|
<div class="post-description">
|
|
<p>
|
|
The resource owner password credentials grant type is suitable in cases where the resource owner has a trust
|
|
relationship with the client, such as the device operating system or a highly privileged application.<br/><br/>
|
|
|
|
<pre>
|
|
POST {$host}/{$workspace}/oauth2/token
|
|
Content-Type: application/x-www-form-urlencoded
|
|
Authorization: Basic eC1wbS1sb2NhbC1jbGllbnQ6MTc5YWQ0NWM2Y2UyY2I5N2NmMTAyOWUyMTIwNDZlODE=
|
|
|
|
grant_type=password&
|
|
username=bob&
|
|
password=secret&
|
|
scope=*
|
|
</pre>
|
|
</p>
|
|
|
|
</div>
|
|
</section>
|
|
|
|
<h1 class="content-subhead">Client Credentials</h1>
|
|
<section class="post">
|
|
<header class="post-header">
|
|
<h2 class="post-title">Client Credentials</h2>
|
|
|
|
<p class="post-meta">
|
|
See RFC <a href="http://tools.ietf.org/html/rfc6749#section-4.4" target="_blank" class="post-author">Client Credentials</a>
|
|
</p>
|
|
</header>
|
|
|
|
<div class="post-description">
|
|
<p>
|
|
The client can request an access token using only its client credentials (or other supported means of authentication)
|
|
when the client is requesting access to the protected resources under its control, or those of another resource
|
|
owner that have been previously arranged with the authorization server. <br/><br/>
|
|
|
|
<pre>
|
|
POST {$host}/{$workspace}/oauth/2/token
|
|
Content-Type: application/x-www-form-urlencoded
|
|
Authorization: Basic eC1wbS1sb2NhbC1jbGllbnQ6MTc5YWQ0NWM2Y2UyY2I5N2NmMTAyOWUyMTIwNDZlODE=
|
|
|
|
grant_type=client_credentials
|
|
</pre>
|
|
</p>
|
|
</div>
|
|
</section>
|
|
|
|
<h1 class="content-subhead">Refresh Token</h1>
|
|
<section class="post">
|
|
<header class="post-header">
|
|
<h2 class="post-title">Refresh Token</h2>
|
|
|
|
<p class="post-meta">
|
|
See RFC <a href="http://tools.ietf.org/html/rfc6749#section-1.5" target="_blank" class="post-author">Refresh Token</a>
|
|
</p>
|
|
</header>
|
|
|
|
<div class="post-description">
|
|
<p>
|
|
Refresh tokens are credentials used to obtain access tokens. Refresh
|
|
tokens are issued to the client by the authorization server and are
|
|
used to obtain a new access token when the current access token
|
|
becomes invalid or expires, or to obtain additional access tokens
|
|
with identical or narrower scope (access tokens may have a shorter
|
|
lifetime and fewer permissions than authorized by the resource
|
|
owner). Issuing a refresh token is optional at the discretion of the
|
|
authorization server. If the authorization server issues a refresh
|
|
token, it is included when issuing an access token. <br/><br/>
|
|
|
|
<pre>
|
|
POST {$host}/{$workspace}/oauth2/token
|
|
Content-Type: application/x-www-form-urlencoded
|
|
Authorization: Basic eC1wbS1sb2NhbC1jbGllbnQ6MTc5YWQ0NWM2Y2UyY2I5N2NmMTAyOWUyMTIwNDZlODE=
|
|
|
|
grant_type=refresh_token
|
|
refresh_token={literal}{your-refresh-token}{/literal}
|
|
</pre>
|
|
</p>
|
|
|
|
|
|
</div>
|
|
</section>
|
|
</div>
|
|
|
|
<div class="footer">
|
|
<div class="pure-menu pure-menu-horizontal pure-menu-open">
|
|
<ul>
|
|
<li><a href="http://processmaker.com/">ProcessMaker</a></li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|