lucj / sails-oauth2-api


How do you utilize the example trusted client? #3

Closed KingFinlayson closed 9 years ago

KingFinlayson commented 9 years ago

Hey,

I'm just getting up to speed with node.js and sails in particular so I'm not too fond of how things should function. I've pulled down this codebase and am running it locally, but I'm not sure how to test "oauth/authorize" in the browser. When I try to hit this URL, after successful login, I get an error of untrusted client.

How do I leverage the trusted client inside the example folder in order to properly retrieve an access token?

Any insight would be great!

Thanks

lucj commented 9 years ago

Hello,

When you perform the following request:

http://localhost:1337/oauth/authorize?client_id=KXVY0SMNI4&response_type=code&redirect_uri=http://localhost:1338&scope=http://localhost:1337

and when the user has allowed the access of the data, a code is sent back to the trusted client (the one running on port 1338 in the example).

Then, to get an access token, a POST request needs to be done (with the client_id / client_secret / redirect_uri / code). Example in curl:

curl -XPOST -d 'client_id=KXVY0SMNI4&client_secret=Jym2YVFxncHVYcnS6Vn10K1TOq6SFa&grant_type=authorization_code&redirect_uri=http://localhost:1338&code=nv6eeXUm8zGIUVe0' http://localhost:1337/oauth/token

=>

{"access_token":"JzbwaqAr2tChhiBxgnlPx13FOM5SYso4spKxAGNJyVgVD0YAA3jZvqkxLOxuLDnvNIeyfiQdvHAuj9nks9LtIJiRmWsCC6pM9rm59a0NS69E2q0o5iw3IimVJoukUwxtCQtzwzhjtfK29DiREY9tk6yoUxJXY9uaasad5Uvd0CEj8YBNdKFkqLLmpDZN7EqR9bbBL5gKdQZSWtO5Q9m3AfcrifKZy6s1HmeQ9qaC1TmnQ2VbhWnEDYHQhGTyIeAB","refresh_token":"gL18lCftOXYJ7l0AKxwdEMcWfxEa1ZQbs74YudxYG21RULrGGSynrUDKevkdRU5tBrj6L5CT3vIpcOJvIRAoUsWTve9fJcmjGjQ5EAvjkhhebRurkAvwciaIYTYVVaToMZk6BWbWGw6cqdGbXZ95nTBnRkB1brfCMR6bXIm0VqxTp5BR4xULcAgQy7M8nF41ea8ebR6zdEcrpdY7lP89aZLN6yrj12TemP3YRM4gEBhzmi2HJVQgdRxiQbHW2n1C","expires_in":3600,"token_type":"Bearer"}

I’ll definitely update this in the near future so it’s clearer. Thanks a lot for your feedback. Luc

KingFinlayson commented 9 years ago

Thanks for your input, I got past that part! Everything went well but I have another question on how to utilize the access token to retrieve data from the api.

I would assume it goes in the header like so: Authorization: Bearer [ACCESS TOKEN]?

KingFinlayson commented 9 years ago

Nevermind, I answered my own question. :)

Maybe it's worth mentioning that as well in the README. Thanks!
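The exchange described in lucj's reply, plus the Bearer header from the follow-up, as an added example that is not part of the original thread or the project's own code. The helper names are hypothetical and the `CLIENT` values are placeholders; only the endpoints and parameter names come from the thread.

```javascript
// Added example: the trusted client's side of the authorization-code flow.
// CLIENT values are placeholders (assumptions), not real credentials.
const SERVER = 'http://localhost:1337';
const CLIENT = {
  id: 'EXAMPLE_CLIENT_ID',
  secret: 'EXAMPLE_CLIENT_SECRET', // send only in the POST body, never in a URL
  redirectUri: 'http://localhost:1338',
};

// Step 1: URL the user's browser is sent to. URLSearchParams percent-encodes
// redirect_uri and scope so their ':' and '/' stay inside their own parameter.
function buildAuthorizeUrl(scope) {
  const query = new URLSearchParams({
    client_id: CLIENT.id, response_type: 'code',
    redirect_uri: CLIENT.redirectUri, scope,
  });
  return `${SERVER}/oauth/authorize?${query}`;
}

// Step 2: pull the code out of the redirect the trusted client receives.
// A callback for any origin other than the registered redirect_uri is refused.
function extractCode(callbackUrl) {
  const url = new URL(callbackUrl);
  if (url.origin !== new URL(CLIENT.redirectUri).origin) {
    throw new Error('callback does not match redirect_uri');
  }
  const code = url.searchParams.get('code');
  if (!code) throw new Error('callback carries no code');
  return code;
}

// Step 3: the POST to /oauth/token, same fields as the curl command.
function buildTokenRequest(code) {
  const body = new URLSearchParams({
    client_id: CLIENT.id, client_secret: CLIENT.secret,
    grant_type: 'authorization_code', code,
    redirect_uri: CLIENT.redirectUri, // must equal the value sent in step 1
  });
  return { method: 'POST', url: `${SERVER}/oauth/token`, body: body.toString() };
}

// Step 4: header for API calls, built from the token response.
function bearerHeader(token) {
  if (token.token_type !== 'Bearer' || !token.access_token) throw new Error('unexpected token response');
  return { Authorization: `Bearer ${token.access_token}` };
}
```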

lucj commented 9 years ago

Hi, sorry I was late to reply :) Glad you got it working. I will update the README

KingFinlayson commented 9 years ago

No problemo, but one last question; Is there a way to authorize a client without having to log in or is that a part of the oAuth workflow?

KingFinlayson commented 9 years ago

You actually have multiple workflows available and one of them satisfies my question so again, nevermind haha. Great work here, if I have any REAL questions I'll be sure to ask!

Thanks

lucj commented 9 years ago

Hi, I'm glad it could help :) Thanks, and do not hesitate to ask.

On Fri, Jan 9, 2015 at 7:43 PM, BCJFinlayson wrote:

> You actually have multiple workflows available and one of them satisfies my question so again, nevermind haha. Great work here, if I have any REAL questions I'll be sure to ask!
>
> Thanks