CODEWITHSUNDEEP
laraveloauth-2.0guzzle
HungDQ
HungDQ

Reputation: 325

Oauth2 - How to automatically get access token

I have a task which need to call an external Oauth2 API to get data.

The authentication steps of this API is:

  1. Request an application authentication:

https://api.apiname/v1/oauth?app_id= [value] & redirect_url = [value] & response_type = [value] & scope = [value] & state = [value]

-> It will redirect to the login page of this API

  1. Login then get the code
  2. Use that code then request to get an access token:

https://api.apiname/v1/token?grant_type=oauth_code&app_id=[value]&secret=[value]&code=[value]

  1. Use received access token to call specific API to get data.

So how can I get through step 1,2,3 automatically in my system because the client should not have to log in to API to get the code? Is there a way I can go through step 1 without showing login page?

Upvotes: 0

Views: 1160

Answers (1)

Abbin Varghese
Abbin Varghese

Reputation: 2804

I think the main purpose of Authorization code grant type in OAuth2 is to use a 3rd party login without having to save the user credentials in our app.

"Is there a way I can go through step 1 without showing login page?" : If you do this, this is in a way just client credential flow. I am not an expert, but I think this is technically possible using a chrome/firefox driver filling up the data for you using web scraping. But think twice before you use it since you are overriding the whole purpose of AuthCode grant type.

refer : Securing an existing API with our own solution

Upvotes: 2

Related Questions