<p>OAuth is an Authorization Protocol, so if you're looking at an Authentication Solution, this might not be the one.</p>
<p>Your question says the consumers of the API will be various applications. This leads to 2 scenarios,</p>
<pre><code>1. Where there is no end user involved (grant_type: client_credential)
2. Where end-user can consume these APIs on multiple Applications (Owned by your Org) (grant_type: implicit/password)
3. Where end-user can consume these APIs via third Party Applications. (authorization_code)
</code></pre>
<p>To support the OAuth Eco-System you need a Key Management System. To,</p>
<ol>
<li>Generate Key/Secret for Apps.</li>
<li>Generate AccessToken/Refresh_token/authorization_code</li>
</ol>
<p>Now, coming to the endpoints you would have to expose,</p>
<pre><code>3-Legged OAuth

GET /authorize    authorize {entry point / initiate oauth}
  Sample Call: http://YourAPIService.com/authorize?response_type=code&amp;client_id=GG1IbStzH45ajx9cEeILqjFt&amp;scope=READ&amp;redirect_uri=www.google.com

GET /login    login (Call Page for login App, 302 redirected from /authorize)
  Sample Call: http://YourAPIService.com/v1/oauth20/login?response_type=code&amp;client_id=GG1IbStzH45ajx9cEeILqjFt&amp;scope=READ&amp;redirect_uri=www.google.com

POST /dologin    consentPage
  http://YourAPIService.com/dologin
  Submit the credential. On success, render the application page

POST /grantpermission    consentSubmission
  http://YourAPIService.com/grantpermission
  Permission has been granted/declined. Send a 302 to generate authorization_code

GET /code    AuthorizationCode {To generate auth code}
  Sample Call: http://YourAPIService.com/code?client_id=GG1IbStzH45ajx9cEeILqjFt&amp;response_type=code&amp;user_id=user@YourAPIService.com&amp;redirect_uri=www.google.com

POST /token    GenerateAccessToken
  http://YourAPIService.com/token
  Sample call: http://kohls-test.mars.apigee.net/v1/oauth20/token
  Header: Authorization: Basic R0cxSWJTdHpINDVhang5Y0VlSUxxalFj
    It's generated with the app's API Key &amp; Secret.
  Payload: grant_type=authorization_code&amp;scope=x&amp;redirect_uri=www.google.com&amp;code=abc123
</code></pre>
<p>Otherwise, the simplest/robust solution would be <a href="http://apigee.com" rel="nofollow">http://apigee.com</a></p>
<p>You can use the existing OAuth ecosystem of Apigee.</p>
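<p>An added example, not part of the original answer or of Apigee's code: one way the POST /token endpoint listed above could validate an authorization_code request, checking the Basic client credentials and that the code is unexpired, single-use and bound to the same client and redirect_uri. The client id, secret, redirect URI and in-memory stores are constructed for illustration.</p>

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs

# Constructed sample data: one registered app (secret stored hashed; a plain
# SHA-256 is assumed adequate only because the secret is a random generated key)
# and one authorization code issued by the /code step.
CLIENTS = {"demo-client": hashlib.sha256(b"demo-secret").hexdigest()}
CODES = {"abc123": {"client_id": "demo-client",
                    "redirect_uri": "https://app.example/cb",
                    "expires": time.time() + 60, "used": False}}

def parse_basic(header):
    """Return (client_id, secret) from an 'Authorization: Basic ...' value, or None."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        cid, sep, secret = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # covers malformed base64 and non-UTF-8 bytes
        return None
    return (cid, secret) if sep else None

def token_request(auth_header, body):
    """Validate a POST /token call; return (http_status, oauth_error_or_'ok')."""
    creds = parse_basic(auth_header)
    if creds is None:
        return 401, "invalid_client"
    cid, secret = creds
    stored = CLIENTS.get(cid, "")
    # Constant-time comparison of the hashed secret.
    if not hmac.compare_digest(hashlib.sha256(secret.encode()).hexdigest(), stored):
        return 401, "invalid_client"
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != "authorization_code":
        return 400, "unsupported_grant_type"
    rec = CODES.get(form.get("code", ""))
    if rec is None or rec["used"] or rec["expires"] < time.time():
        return 400, "invalid_grant"  # unknown, replayed or expired code
    # The code must be redeemed by the client it was issued to, with the
    # exact redirect_uri used at /authorize.
    if rec["client_id"] != cid or rec["redirect_uri"] != form.get("redirect_uri"):
        return 400, "invalid_grant"
    rec["used"] = True  # single use: a second redemption is rejected
    return 200, "ok"
```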
 
