
The following documentation shows the OAuth2 life cycle, how to provide your OAuth2 client-ID and client-secret to the PowerFolder server, and how to receive an access token and a refresh token.

Requirements server-side

  • Just set your OAuth2 client-ID and client-secret on the PF-Server with the API call mentioned below.
  • API call (admin login required):

    <PF-SERVER-URL>/api/oauth?action=store&client_id=<CLIENT-ID>&client_secret=<CLIENT-SECRET>

Workflow client-side

  • Your OAuth2 client has to send an initial POST request to start OAuth2 authentication against the server:

    <PF-SERVER-URL>/oauth/allow?state=<STATE>&response_type=code&redirect_uri=<CLIENT-HOST>/oauth&client_id=<CLIENT-ID>

    Note: The state must be generated by your OAuth2 client. This can be any random alphanumeric string.

  • If an active user session is available, the server will show the OAuth2 "Allow or Decline" page. If not, the user has to enter their credentials first; after that, the OAuth2 "Allow or Decline" page will be displayed.
  • If the user clicks on "Allow", the server will send a GET request to the OAuth2 client with the following URI:

    <OAUTH2-CLIENT>/<OAUTH2-ENDPOINT>/code=<AUTH-CODE>&state=<STATE-FROM-FIRST-STEP>


  • This state should now be validated by your OAuth2 client. After successful validation, your client should respond with a POST request with a JSON body to the server:
    {
    "grant_type" : "authorization_code",
    "code" : "<AUTH-CODE>",
    "client_id" : "<CLIENT-ID>",
    "client_secret" : "<CLIENT-SECRET>"
    }


  • The state, client-ID and secret will be validated by the server. If these parameters are validated successfully, the server will respond with the final access and refresh tokens as JSON:
    {
    "access_token": "<ACCESS-TOKEN>",
    "refresh_token": "<REFRESH-TOKEN>",
    "expires_in": <EXPIRES-IN>
    }
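The client-side state handling described in the workflow above (generate a random alphanumeric state, validate it on the callback, then build the token request body) can be sketched as follows. This is an added example, not PowerFolder code: the class and function names are hypothetical, and the callback parameters are assumed to be handed over as a `code=...&state=...` string.

```python
# Added example: client-side state handling for the workflow above.
# OAuthStateStore, build_allow_url and token_request_body are hypothetical names.
import hmac
import json
import secrets
import string
from urllib.parse import parse_qs, urlencode

ALPHANUM = string.ascii_letters + string.digits


class OAuthStateStore:
    """Tracks states issued by this client; each state is accepted once."""

    def __init__(self):
        self._pending = set()

    def issue(self, length=32):
        state = "".join(secrets.choice(ALPHANUM) for _ in range(length))
        self._pending.add(state)
        return state

    def consume(self, returned):
        # Constant-time comparison; a matched state is removed so it cannot be replayed.
        match = next((s for s in self._pending
                      if hmac.compare_digest(s.encode(), returned.encode())), None)
        if match is None:
            return False
        self._pending.discard(match)
        return True


def build_allow_url(server, client_host, client_id, state):
    # Parameters follow the /oauth/allow request shown in the first workflow step.
    query = urlencode({"state": state, "response_type": "code",
                       "redirect_uri": client_host + "/oauth", "client_id": client_id})
    return f"{server}/oauth/allow?{query}"


def token_request_body(callback_params, store, client_id, client_secret):
    # callback_params: the "code=...&state=..." part of the server's GET request.
    params = parse_qs(callback_params)
    codes, states = params.get("code", []), params.get("state", [])
    # Reject missing or duplicated parameters and any state this client did not issue.
    if len(codes) != 1 or len(states) != 1 or not store.consume(states[0]):
        raise ValueError("callback rejected: state missing, unknown or already used")
    return json.dumps({"grant_type": "authorization_code", "code": codes[0],
                       "client_id": client_id, "client_secret": client_secret})
```

In a client that serves several users, keep the pending state in the user's session rather than in one shared set, so that a state issued to one browser cannot complete another user's flow.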

...

Theoretical workflow: OAuth2 life cycle

[Diagram: OAuth2 lifecycle]

...