This implements the two oauth flows required for running tachyon.
There's also, at the time of writing, a demo server running at https://tachyon.geekingfrog.com:4567/login
There's currently only one OAuth application registered, with the hardcoded scope tachyon.lobby, one redirect uri: http://127.0.0.1/oauth2callback and the client id is generic_lobby.
The lobby flow
This is using the authorization_code flow.
getting an authorization code
First, the client needs to generate a PKCE verifier and challenge. For example:
Then, the client can request an authorization code with a GET request to the endpoint:
https://tachyon.geekingfrog.com:4567/oauth/authorize?response_type=code&code_challenge=BGLMtLONQ_f6-Z6ikTk8ofWo-cWM3UUeT93LIEG33-M&code_challenge_method=S256&client_id=generic_lobby&redirect_uri=http%3A%2F%2F127.0.0.1%2Foauth2callback
You get redirected to a login screen. The demo server has one user, with email tachyon@foo.bar and password tachyonmelon.
You then should see a screen to grant access:
Clicking on "Let's go!" redirects to:
127.0.0.1/oauth2callback?code=<code>
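The client side of the steps above, as an added example that is not part of this PR's code: it generates the PKCE verifier and S256 challenge, builds the authorization request with the parameters shown, and pulls the code out of the oauth2callback redirect. The endpoint, client id and redirect uri are taken from this description; the function names are this example's own.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Values from the PR description; everything else here is this example's own.
AUTHORIZE_ENDPOINT = "https://tachyon.geekingfrog.com:4567/oauth/authorize"
CLIENT_ID = "generic_lobby"
REDIRECT_URI = "http://127.0.0.1/oauth2callback"


def make_verifier(nbytes: int = 32) -> str:
    """Random PKCE code_verifier: base64url without padding (43 chars for 32 bytes)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode()


def make_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_authorize_url(challenge: str) -> str:
    """GET URL for the authorization request, parameters in the order used above.
    urlencode percent-encodes redirect_uri exactly as in the description."""
    params = {
        "response_type": "code",
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def code_from_callback(callback_url: str) -> str:
    """Extract the code from the full http://127.0.0.1/oauth2callback?code=<code> redirect.
    Rejects a redirect that lands anywhere other than the registered callback path."""
    parsed = urlparse(callback_url)
    if parsed.path != urlparse(REDIRECT_URI).path:
        raise ValueError(f"unexpected redirect path: {parsed.path}")
    codes = parse_qs(parsed.query).get("code")
    if not codes or len(codes) != 1:
        raise ValueError("callback did not carry exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    verifier = make_verifier()  # keep this secret until the token exchange
    print(build_authorize_url(make_challenge(verifier)))
```

The verifier is only sent later, in the token exchange, so it must be kept by the client between the two requests.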
exchanging the authorization code for an access token
You can then issue a POST request to and you get back
the autohost flow
I configured one client_id/client_secret pair that can be used to retrieve an auth token:
and this gives the same type of response.
Testing
There are automated tests under two locations, one for the context and one for the controllers:
Out of (OAuth) Scope for this PR