Users should be able to authenticate against the API using the ‘password’ grant type (Resource Owner Password Flow).
Endpoint http://localhost:8090/api/oauth/token is called to request a token [access or refresh].
Request
POST /oauth/token HTTP/1.1
Host: localhost:{port}
grant_type=password
&username={user_email}
&password={user_password}
&client_id=letmehack-client
&client_secret=letmehack-secret
username: The end user's email
password: The end user's password
In our requests to the API, client_id is hardcoded as ‘letmehack-client’ and client_secret is hardcoded as ‘letmehack-secret’. Handling client credentials is, however, optional in the resource owner password flow. If you can't override the client_id or the client_secret, comment your client_id and client_secret here.
Response
The server should reply with an access token.
Example:-
Only the ‘/events’ and ‘/users/me’ endpoints need to be OAuth secured.
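The following is an added example, not code from the original page or the project: it builds the token request shown above with properly escaped form fields, checks the token response, and attaches the bearer token only to the secured endpoints. The function names, the sample responses in the tests, the standard OAuth 2.0 JSON response fields (access_token, token_type, error) and the treatment of sub-paths such as /events/1 as secured are assumptions.

```python
import json
from urllib.parse import urlencode

TOKEN_PATH = "/oauth/token"           # request line shown on the page
CLIENT_ID = "letmehack-client"        # hardcoded values from the page
CLIENT_SECRET = "letmehack-secret"
PROTECTED = ("/events", "/users/me")  # the only endpoints the page secures


def build_token_request(email, password, port=8090):
    """Return the raw HTTP/1.1 request for the password grant."""
    # urlencode() escapes '+', '&' and '=' so that an email like
    # 'a+b@example.com' or a password like 'p&w=1' cannot split or
    # inject form parameters, which naive string concatenation allows.
    body = urlencode({
        "grant_type": "password",
        "username": email,
        "password": password,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })
    head = (f"POST {TOKEN_PATH} HTTP/1.1\r\n"
            f"Host: localhost:{port}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body.encode())}\r\n\r\n")
    return head + body


def parse_token_response(status, raw_json):
    """Return the access token, or raise on an OAuth error response."""
    data = json.loads(raw_json)
    if status != 200 or "error" in data:
        raise PermissionError(data.get("error", "unexpected_response"))
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise ValueError("response is not a usable bearer token")
    return data["access_token"]


def auth_headers(path, token):
    """Attach the bearer token only to endpoints that require it."""
    # Assumption: sub-paths such as /events/1 are secured like /events.
    needs_token = any(path == p or path.startswith(p + "/") for p in PROTECTED)
    return {"Authorization": f"Bearer {token}"} if needs_token else {}
```

Sending the token only where it is required keeps it out of logs and handlers for the unsecured endpoints.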