APIFactory OAuth Provider

APIFactory OAuth Provider 1.0.0

0
No votes yet
production
development
https://sandbox.externalapib2b.wlb.nam.nsroot.net:7101/mx-gcgapi-uat/sandbox2

Paths

/token

post /token

Request Access Tokens

This endpoint allows requesting an access token following one of the flows below:

  • Authorization Code (exchange code for access token)
  • Client Credentials (2-legged, there isnt resource owner information)
  • Resource Owner Password Credentials (2-legged, client provides resource owner name and password)
  • Refresh Token (exchange refresh token for a new access code)

The table below indicates the required parameters for each specific grant_type options. Empty cells indicate a parameter is ignored for that specific grant type.

Client authentication:

  • Confidential clients should authenticate using HTTP Basic Authentication. Alternatively, they may post

    their client_id and client_secret information as a formData parameter.

  • Public clients should send their client_id as formData parameter.

grant_type code client_credentials password refresh_token
client_id required | required required | required
client_secret required | required required | required
code required
redirect_uri required
username required
password required
scope optional optional
refresh_token required

The implicit grant requests, see /oauth2/authorize.

grant_type
Required in formData
string

Type of grant

{
    "enum": [
        "authorization_code",
        "password",
        "client_credentials",
        "refresh_token"
    ]
}
client_id
Optional in formData
string

Application client ID, can be provided in formData or using HTTP Basic Authentication

client_secret
Optional in formData
string

Application secret, must be provided in formData or using HTTP Basic Authentication

code
Optional in formData
string

Authorization code provided by the /oauth2/authorize endpoint

redirect_uri
Optional in formData
string

required only if the redirect_uri parameter was included in the authorization request /oauth2/authorize; their values MUST be identical.

username
Optional in formData
string

Resource owner username

password
Optional in formData
string

Resource owner password

scope
Optional in formData
string

Scope being requested

refresh_token
Optional in formData
string

The refresh token that the client wants to exchange for a new access token (refresh_token grant_type)

Content-Type
Optional in header
string
application/x-www-form-urlencoded
Accept
Optional in header
string
application/json
200

json document containing token, etc.

access_token_response
400

json document that may contain additional details about the failure

Example Request
Example Response
POST https://sandbox.externalapib2b.wlb.nam.nsroot.net:7101/mx-gcgapi-uat/sandbox2/api/v1/oauth/token

Definitions 

{
    "type": "object",
    "additionalProperties": false,
    "required": [
        "token_type",
        "access_token",
        "expires_in"
    ],
    "properties": {
        "token_type": {
            "enum": [
                "bearer"
            ]
        },
        "access_token": {
            "type": "string"
        },
        "expires_in": {
            "type": "integer"
        },
        "scope": {
            "type": "string"
        },
        "refresh_token": {
            "type": "string"
        }
    }
}