Access token issued to the client (e.g. Confluence) based on authorization_code or refresh_token


About OAuth2: https://tools.ietf.org/html/rfc6749




About access_token

https://tools.ietf.org/html/rfc6749#section-1.4

Access tokens are credentials used to access protected resources. An access token is a string representing an authorization issued to the client. The string is usually opaque to the client. Tokens represent specific scopes and durations of access, granted by the resource owner, and enforced by the resource server and authorization server.




Request - authorization_code

https://tools.ietf.org/html/rfc6749#section-4.1.3


The client makes a request to the token endpoint by sending the following parameters using the "application/x-www-form-urlencoded" format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body...


     curl -v -i -k -H "Authorization: OAuth" -X POST "https://example.com/orestapi/oauth2/access_token?grant_type=authorization_code&code=Sgw7P0b5XaDvedkrK1SRe6kTVG4&redirect_uri=URI&client_id=M3SIwV0JqDyguvhmV0nlvsMJz75DR48c&client_secret=bHOKmLn4PHsGL0sHQiTcSAyHCtZjrOGy"


| Item | Description | Notes |
|---|---|---|
| endpoint | /orestapi/oauth2/access_token | |
| http method | POST | |
| Header | | |
| Authorization | OAuth | |
| Parameters | https://tools.ietf.org/html/rfc6749#section-4.1.1 | |
| grant_type | REQUIRED. Value MUST be set to "authorization_code". | Use "authorization_code", it is a static value |
| code | REQUIRED. The authorization code received from the authorization server | Created during ORESTAPI oauth2 authorization |
| redirect_uri | REQUIRED. x-www-form-urlencoded format. If the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1, the values MUST be identical. | |
| client_id | REQUIRED. The client_id of the application making the request | |
| client_secret | REQUIRED. The client_secret of the application making the request | |




Request - refresh_token

https://tools.ietf.org/html/rfc6749#section-6


     curl -v -i -k -H "Authorization: Basic fidsofjsdifpi8989fdsfodsd9wief" -X POST "https://example.com/orestapi/oauth2/access_token?grant_type=refresh_token&refresh_token=fdsifjsdf8sd9f8dsf"


| Item | Description | Notes |
|---|---|---|
| endpoint | /orestapi/oauth2/access_token | Dedicated, in-house developed endpoint for the oauth2 authorization code access_token flow |
| http method | POST | |
| Header | | |
| authorization | Basic | "Basic" + " " + base64 encoded client_id:client_secret |
| Parameters | | |
| grant_type | REQUIRED. Value MUST be set to "refresh_token" | Use "refresh_token", it is a static value |
| refresh_token | REQUIRED. The refresh_token | Should be valid, if not, error is returned |




Response

https://tools.ietf.org/html/rfc6749#section-4.1.4


If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token as described in Section 5.1. If the request client authentication failed or is invalid, the authorization server returns an error response as described in Section 5.2.


     HTTP/1.1 200 OK
     Content-Type: application/json;charset=UTF-8
     Cache-Control: no-store
     Pragma: no-cache

     {
       "access_token":"2YotnFZFEjr1zCsicMWpAA",
       "token_type":"Bearer",
       "expires_in":360,
       "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"
     }


| Parent | Key | Value Type | Description | Notes |
|---|---|---|---|---|
| - | access_token | string | Generated by Odoo | Reusable within expiry. Expires in 360s. |
| - | token_type | string | Bearer | Static value |
| - | expires_in | integer | 360 seconds | Hardcoded for now |
| - | refresh_token | string | Generated by Odoo | Reusable within expiry. Expires in 3600s (10x the access_token). Upon every successful access_token request a new refresh_token is generated, so the validity time is prolonged. |
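
The refresh request and the token lifetimes from the tables above, as an added example that is not part of the original page or of the ORESTAPI code: it builds the Basic header and the refresh request, and tracks expiry as the refresh_token is replaced on each response. `build_refresh_request`, `TokenState`, the 30-second skew and sending the parameters in the form-encoded body are assumptions.

```python
import base64
import json
import time
from urllib.parse import urlencode

TOKEN_PATH = "/orestapi/oauth2/access_token"  # endpoint from the page
REFRESH_TTL = 3600  # refresh_token lifetime stated on the page, in seconds
# Response body as shown on the page (valid JSON, no trailing comma).
SAMPLE = ('{"access_token":"2YotnFZFEjr1zCsicMWpAA","token_type":"Bearer",'
          '"expires_in":360,"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"}')

def basic_header(client_id, client_secret):
    """'Basic' + ' ' + base64(client_id:client_secret), as the table specifies."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def build_refresh_request(base_url, client_id, client_secret, refresh_token):
    """Return (method, url, headers, body) for the refresh_token grant.
    Assumption: the endpoint reads the parameters from the form-encoded body."""
    body = urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})
    headers = {"Authorization": basic_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    return "POST", base_url.rstrip("/") + TOKEN_PATH, headers, body

class TokenState:
    """Hypothetical client-side holder that follows refresh_token rotation."""
    def __init__(self):
        self.access_token = self.refresh_token = None
        self.access_expiry = self.refresh_expiry = 0.0

    def update(self, response_text, now=None):
        now = time.time() if now is None else now
        data = json.loads(response_text)
        if data.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.access_token = data["access_token"]
        self.access_expiry = now + int(data["expires_in"])
        # Each successful request returns a new refresh_token: store it.
        self.refresh_token = data["refresh_token"]
        self.refresh_expiry = now + REFRESH_TTL

    def action(self, now=None, skew=30):
        """What the client should do next; skew is an assumed safety margin."""
        now = time.time() if now is None else now
        if now < self.access_expiry - skew:
            return "use_access_token"
        if now < self.refresh_expiry:
            return "refresh"
        return "reauthorize"  # both expired: restart the authorization_code flow
```

Call `update()` with every token response so the stored refresh_token is always the most recently issued one.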