Available since BellaDati 2.9.18

Process

Get the User’s Permission

Request Structure

URL

https://service.belladati.com/auth/oauth/request

Method

POST

Parameters

  • client_id: Your account's client id. To configure it, please visit your domain settings page.
  • redirect_uri: Tells the authorization server where to send the user back to after they approve the request.
  • response_type=CODE: This tells the authorization server that the application is initiating the authorization code flow.
  • state: The application generates a random string and includes it in the request. It should then check that the same value is returned after the user authorizes the app. 
Example http://service.belladati.com/auth/oauth/request:new?client_id=8208110359&redirect_uri=http://service.belladati.com/auth&response_type=CODE&state=122342

Returns

Opens authorization page

https://service.belladati.com/redirect?code=g0ZGZmNjVmOWIjNTk2NTk4ZTYyZGI3&state=122342

Authorize the request 

When a user visits this URL, the authorization server will present them with a pop-up asking if they would like to authorize this application’s request.

If the user approves the request, the authorization server will redirect the browser back to the redirect_uri specified by the application, adding a code and state to the query string.

https://service.belladati.com/redirect?code=g0ZGZmNjVmOWIjNTk2NTk4ZTYyZGI3&state=122342

Exchange the Authorization Code for an Access Token

Request Structure

URL

http://localhost:8080/oauth/v2/accessToken

Method

POST

Parameters

  • grant_type=authorization_code: This tells the token endpoint that the application is using the Authorization Code grant type.
  • code: The application includes the authorization code it was given in the redirect.
  • redirect_uri: The same redirect URI that was used when requesting the code.
  • client_id: Your account's client id. To configure it, please visit your domain settings page.
  • client_secret: The application’s client secret. This ensures that the request to get the access token is made only from the application, and not from a potential attacker that may have intercepted the authorization code.
Example http://localhost:8080/oauth/v2/accessToken?grant_type=authorization_code&code=WM0iK6vhik2aUvGmvjiAjl4q3nvWqE3uUcd1Y93V&redirect_uri=http://localhost&client_id=8208110359

Returns

JSON with access token
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
  "token_type":"bearer",
  "expires_in":3600,
  "refresh_token":"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk"
}
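
The client side of both steps above, as an added example (not BellaDati's own code): it generates an unguessable state, builds the authorization URL, rejects a callback whose state does not match, and assembles the token-request parameters listed above. The function names are hypothetical, and sending the POST is left to the HTTP client of your choice.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Authorization endpoint as given on this page.
AUTH_ENDPOINT = "https://service.belladati.com/auth/oauth/request"


def build_authorization_url(client_id, redirect_uri):
    """Return (url, state). Keep state in the user's session until the callback."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "CODE",
        "state": state,
    })
    return f"{AUTH_ENDPOINT}?{query}", state


def verify_callback(callback_url, expected_state):
    """Return the authorization code, or raise ValueError if the callback fails the state check."""
    params = parse_qs(urlsplit(callback_url).query)
    states = params.get("state", [])
    codes = params.get("code", [])
    # Require exactly one of each; missing or repeated parameters are rejected.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("callback must carry exactly one code and one state")
    # Constant-time comparison against the value stored for this session.
    if not expected_state or not hmac.compare_digest(
            states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the code")
    return codes[0]


def token_request_params(code, redirect_uri, client_id, client_secret):
    """Parameters for the access-token POST, as listed on this page."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # same value as in the code request
        "client_id": client_id,
        "client_secret": client_secret,  # keep server-side, never in the browser
    }
```

Treat each state value as single-use: remove it from the session once `verify_callback` has returned or raised.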