sedovalx / oauth2-tester

Small application to test responses from different OAuth 2.0 API endpoints

Get auth token from the server response #18

Closed sedovalx closed 8 years ago

sedovalx commented 8 years ago

When the client does the auth request via the server, it should await the token in the response body:

{
  response: {
    body: "{\"access_token\":\"35a70395cea0670c15373e8a05e1e977b3aff913\",\"token_type\":\"bearer\",\"scope\":\"user\"}"
  }
}

sedovalx commented 8 years ago

Almost the same as #7

sedovalx commented 8 years ago

Code flow:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
    "access_token":"2YotnFZFEjr1zCsicMWpAA",
    "token_type":"example",
    "expires_in":3600,
    "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
    "example_parameter":"example_value"
}

Implicit flow:

HTTP/1.1 302 Found
Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA&state=xyz&token_type=example&expires_in=3600

Resource flow:

 HTTP/1.1 200 OK
 Content-Type: application/json;charset=UTF-8
 Cache-Control: no-store
 Pragma: no-cache

 {
   "access_token":"2YotnFZFEjr1zCsicMWpAA",
   "token_type":"example",
   "expires_in":3600,
   "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
   "example_parameter":"example_value"
 }

Client flow:

 HTTP/1.1 200 OK
 Content-Type: application/json;charset=UTF-8
 Cache-Control: no-store
 Pragma: no-cache

 {
   "access_token":"2YotnFZFEjr1zCsicMWpAA",
   "token_type":"example",
   "expires_in":3600,
   "example_parameter":"example_value"
 }

sedovalx commented 8 years ago

Should take the response's Content-Type header into account. An API server could return text/plain; charset=UTF-8 or application/json; charset=utf-8. Need to support these two. An example of the text response is Facebook; it returns the token in the format access_token=CAAYlgxqVXtQBACmRJ3ZAo7nZAbKv2nb&expires=5183782
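
An added example, not code from oauth2-tester or from the issue author: one way to extract the token from the responses listed in this thread, choosing the parser from the Content-Type header and reading the fragment for the implicit flow. The function names are hypothetical, the sample values are constructed, and treating `expires` as the lifetime field of the text format is an assumption based on the comment above.

```javascript
// Added example; function names are hypothetical, not from oauth2-tester.

// Validate the parsed fields and map them to one shape for every flow.
function normalize(fields) {
  if (fields === null || typeof fields !== 'object' || Array.isArray(fields)) {
    throw new Error('token response is not a key/value object');
  }
  const token = fields.access_token;
  if (typeof token !== 'string' || token === '') {
    throw new Error('no access_token in response');
  }
  // RFC 6749 names the lifetime expires_in; the text format above uses expires.
  const rawExpiry = fields.expires_in ?? fields.expires;
  const expiresIn = rawExpiry === undefined ? null : Number(rawExpiry);
  if (expiresIn !== null && !Number.isFinite(expiresIn)) {
    throw new Error('expiry is not a number');
  }
  return {
    accessToken: token,
    tokenType: fields.token_type ?? null,
    expiresIn,
    refreshToken: fields.refresh_token ?? null,
  };
}

// Token endpoint response (code, resource and client flows): pick the parser
// from the Content-Type media type, ignoring case and parameters like charset.
function parseTokenBody(contentType, body) {
  const mediaType = String(contentType ?? '').split(';')[0].trim().toLowerCase();
  if (mediaType === 'application/json') {
    return normalize(JSON.parse(body)); // throws on malformed JSON
  }
  if (mediaType === 'text/plain') {
    return normalize(Object.fromEntries(new URLSearchParams(body)));
  }
  // Refuse to guess: an HTML error page must not be mined for a token.
  throw new Error(`unsupported Content-Type: ${mediaType || '(none)'}`);
}

// Implicit flow: the token arrives in the fragment of the redirect Location.
function tokenFromRedirect(location, expectedState) {
  const fields = Object.fromEntries(new URLSearchParams(new URL(location).hash.slice(1)));
  // state must match the value the client sent with the authorization request.
  if (fields.state !== expectedState) throw new Error('state mismatch');
  return normalize(fields);
}

// Constructed sample in the text/plain format described above.
console.log(parseTokenBody('text/plain; charset=UTF-8', 'access_token=tok-text&expires=5183782'));
```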