The following documentation shows the OAuth2 life cycle, how to provide your OAuth2 client-ID and client-secret to the PowerFolder server, and how to receive an access token and a refresh token.

Requirements server-side

  • Just set your OAuth2 client-ID and client-secret on the PF-Server with the API call mentioned below.
  • API call (admin login required):


Workflow client-side

  • Your OAuth2 client has to send an initial POST request to start OAuth2 authentication against the server:


    Note: The state must be generated by your OAuth2 client. This can be any random alphanumeric string.

  • If an active user session is available, the server will show the OAuth2 "Allow or Decline" page. If not, the user has to enter his credentials first; after that, the OAuth2 "Allow or Decline" page will be displayed.
  • If the user clicks on "Allow", the server will send a GET request to the OAuth2 client with the following URI:


  • This state should now be validated by your OAuth2 client. After successful validation, your client should respond with a POST request with a JSON body to the server:
    {
      "grant_type" : "authorization_code",
      "code" : "<AUTH-CODE>",
      "client_id" : "<CLIENT-ID>",
      "client_secret" : "<CLIENT-SECRET>"
    }

  • The state, client-ID and secret will be validated by the server. If these parameters are validated successfully, the server will respond with the final access and refresh tokens as JSON:
    {
      "access_token": "<ACCESS-TOKEN>",
      "refresh_token": "<REFRESH-TOKEN>",
      "expires_in": <EXPIRES-IN>
    }
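
The client-side state handling from the workflow above, as an added example that is not part of the original PowerFolder documentation: it generates the state from a CSPRNG, binds it to the user's session, validates it once on the callback, and only then builds the JSON token request. The callback parameter names "code" and "state", the session identifier, the ten-minute lifetime and the in-memory store are assumptions, since the page does not show the callback URI.

```python
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlsplit

STATE_TTL_SECONDS = 600  # assumption: ten minutes to complete the login


class StateStore:
    """Per-session store of outstanding state values (in-memory for the example)."""

    def __init__(self):
        self._pending = {}  # session_id -> (state, issued_at)

    def issue(self, session_id, now=None):
        # 32 bytes from the OS CSPRNG, hex-encoded: random and alphanumeric.
        state = secrets.token_hex(32)
        self._pending[session_id] = (state, time.time() if now is None else now)
        return state

    def consume(self, session_id, returned_state, now=None):
        # pop() makes the state single-use, whether or not validation succeeds.
        entry = self._pending.pop(session_id, None)
        if entry is None or not returned_state:
            return False
        expected, issued_at = entry
        now = time.time() if now is None else now
        if now - issued_at > STATE_TTL_SECONDS:
            return False
        # Constant-time comparison on bytes; also safe for non-ASCII input.
        return hmac.compare_digest(expected.encode(), returned_state.encode())


def handle_callback(store, session_id, callback_uri, client_id, client_secret, now=None):
    """Validate the redirect and return the JSON token-request body, or None."""
    query = parse_qs(urlsplit(callback_uri).query)
    # Assumed parameter names "code" and "state" (the RFC 6749 names).
    states, codes = query.get("state", []), query.get("code", [])
    if len(states) != 1 or len(codes) != 1:
        return None  # missing or duplicated parameters are rejected
    if not store.consume(session_id, states[0], now):
        return None
    return json.dumps({
        "grant_type": "authorization_code",
        "code": codes[0],
        "client_id": client_id,
        "client_secret": client_secret,
    })
```

A callback whose state is unknown, expired, replayed or issued for a different session yields None, and the client secret is never placed in a request.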


Theoretical workflow: OAuth2 life cycle

[Diagram: OAuth2 lifecycle]