Commit 4bc1b49e authored by Matija Obreza's avatar Matija Obreza

Documented the password, client_credentials grants

parent c27257d5
...@@ -45,6 +45,9 @@ Most OAuth libraries, including https://gitlab.croptrust.org/genesys-pgr/genesys ...@@ -45,6 +45,9 @@ Most OAuth libraries, including https://gitlab.croptrust.org/genesys-pgr/genesys
Java library, will automatically obtain the access token following the OAuth protocol. This Java library, will automatically obtain the access token following the OAuth protocol. This
section describes how to manually obtain the tokens. section describes how to manually obtain the tokens.
==== Authorization Grant
Log-in to Genesys with your account or Google+ Log-in to Genesys with your account or Google+
Obtain a verifier code by granting access to the "Genesys API reference" client. This is Obtain a verifier code by granting access to the "Genesys API reference" client. This is
...@@ -63,6 +66,42 @@ Copy the authorization code: *THECODE* (looks like: 7wXP1r) and from shell, exec ...@@ -63,6 +66,42 @@ Copy the authorization code: *THECODE* (looks like: 7wXP1r) and from shell, exec
$ curl 'https://sandbox.genesys-pgr.org/oauth/token?grant_type=authorization_code&client_id=CLIENTID&client_secret=SECRET&redirect_uri=oob&code=THECODE' $ curl 'https://sandbox.genesys-pgr.org/oauth/token?grant_type=authorization_code&client_id=CLIENTID&client_secret=SECRET&redirect_uri=oob&code=THECODE'
---- ----
==== Username & Password
The **password grant** is available to trusted, secure clients (e.g. desktop
applications) where the user's password will not be captured or stored -- i.e.
it will be used once.
----
$ curl 'https://sandbox.genesys-pgr.org/oauth/token' --data 'scope=write+read&grant_type=password&username=USERNAME&password=PASSWORD&client_id=CLIENT_ID&client_secret=CLIENT_SECRET'
----
==== Client Credentials
System-to-System integration should not require user interaction. For that
specific purpose, Genesys allows for OAuth 2.0 "Client Credentials" grant.
With Genesys release 2.3 the *Client authentication grant* is also supported.
Kindly contact the helpdesk@genesys-pgr.org for information how to enable
system-to-system integration and to grant your Client the appropriate
permissions on Genesys.
**Note**: The client will be able to modify any data on Genesys on your behalf.
Read the section <<oauth, Client Credential Grant>>.
To obtain a valid (but short-lived) access token, a simple **POST** request to
Genesys is required:
----
$ curl -X POST 'https://sandbox.genesys-pgr.org/oauth/token?grant_type=client_credentials&client_id=CLIENTID&client_secret=SECRET&redirect_uri=oob'
----
This type of grant takes out the **user** authentication and authenticates the
remote system with Genesys, immediately issuing an access token.
==== Successful authorization
The server will respond with access token details in JSON format: The server will respond with access token details in JSON format:
[source,json] [source,json]
...@@ -97,16 +136,6 @@ or include it in the request URL as a query string parameter: ...@@ -97,16 +136,6 @@ or include it in the request URL as a query string parameter:
$ curl 'https://sandbox.genesys-pgr.org/api/v0/me?access_token=OAUTH-ACCESS-TOKEN' $ curl 'https://sandbox.genesys-pgr.org/api/v0/me?access_token=OAUTH-ACCESS-TOKEN'
---- ----
=== System-to-System integration
With Genesys release 2.3 the *Client authentication grant* is also supported. Kindly
contact the helpdesk@genesys-pgr.org for information how to enable system-to-system
integration and to grant your Client the appropriate permissions on Genesys.
**Note**: The client will be able to modify any data on Genesys on your behalf.
Read the section <<oauth, Client Credential Grant>>.
=== Using the refresh token === Using the refresh token
OAuth access tokens have a fairly short lifetime. When an access token expires, the OAuth access tokens have a fairly short lifetime. When an access token expires, the
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment