authlib / example-oauth2-server

Example for OAuth 2 Server for Authlib.
https://authlib.org/
684 stars 285 forks source link

What is the full curl command to get access token with request token? #86

Open lgprobert opened 2 years ago

lgprobert commented 2 years ago

Hi, The sample in this repo is pretty straightforward and clear. Thanks.

One thing is not mentioned in tutorial is getting new access_token with refresh_token as way of renewing an access_token.

I tried below command and the other which had auth tuple and both failed.

$ curl -XPOST http://127.0.0.1:8000/oauth/token -F grant_type=refresh_token -F refresh_token=NogJYgBFjH3NmTBDHdDYTCUQBQaMXBFZThdjaHtjraEuT9HM
{"error": "invalid_client"}

The other test is adding client_id and cilent_secret:

curl -u ${client_id}:${client_secret} -XPOST http://127.0.0.1:8000/oauth/token -F grant_type=refresh_token -F scope=profile -F refresh_token=${refresh_token}
{"error": "unauthorized_client"}

What is the correct curl command to get access token with refresh token?

Thanks

nicksonthc commented 2 years ago

The full command should be like below , you need get your client id, client secret and username from the sqlite.

  1. id
  2. secret
  3. username

curl -u iuDsNl5kBL6dxaVWdIUtU53z:IFlpm1up7drF50wdSfceB29PSGX3geqQG683ReI8NzR0BZV7 -XPOST http://127.0.0.1:5000/oauth/token -F grant_type=password -F username=$nicksonthc -F password=valid -F scope=profile

The sqlite database store under folder instance , you can download vscode extension sqlite to browse the row after you create your client via 127.0.0.1:5000

image

Abhishekeyespace commented 2 years ago

Hi I am getting similar error:

curl -u "${CLIENT_ID}:${CLIENT_SECRET}" -XPOST http://127.0.0.1:5000/oauth/token -F grant_type=authorization_code -F code=RSv6j745Ri0DhBSvi2RQu5JKpIVvLm8SFd5ObjOZZSijohe0

{"error": "invalid_request", "error_description": "Invalid \"code\" in request."}%