OAuth2orizeRecipes Server

Welcome to OAuth 2.0. Try one of the grant types below. For more information, see the wiki site.

Authorization Code

The authorization code grant type is used to obtain both access tokens and refresh tokens and is optimized for confidential clients. Click the link below to begin the grant type. 
  https://localhost:3000/dialog/authorize?
  redirect_uri=https://localhost:3000&
  response_type=code&
  client_id=abc123&
  scope=offline_access

Implicit

The implicit grant type is used to obtain access tokens (it does not support the issuance of refresh tokens) and is optimized for public clients known to operate a particular redirection URI. Click the link below to begin the grant type. 
  https://localhost:3000//dialog/authorize?
  redirect_uri=https://localhost:3000&
  response_type=token&
  client_id=abc123

Resource Owner Password Credentials

The resource owner password credentials grant type is suitable in cases where the resource owner has a trust relationship with the client, such as the device operating system or a highly privileged application. Open your browser's debug tools, and click the Submit Post button below to begin the grant type. 
  POST oauth/token HTTP/1.1
  Host: https://localhost:3000
  Content-Type: application/x-www-form-urlencoded
  Authorization: Basic YWJjMTIzOnNzaC1zZWNyZXQ=

  grant_type=password&
  username=bob&
  password=secret&
  scope=offline_access


Client Credentials

The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control, or those of another resource owner that have been previously arranged with the authorization server. Open your browser's debug tools, and click the Submit Post button below to begin the grant type. 
  POST oauth/token HTTP/1.1
  Host: https://localhost:3000
  Content-Type: application/x-www-form-urlencoded
  Authorization: Basic YWJjMTIzOnNzaC1zZWNyZXQ=

  grant_type=client_credentials

Access Token

In your URL you will see the following access_token fragment which has your your access token, expiration, and token type

You can use your access token to call an endpoint such as a user info endpoint. To do this, set the Authorization Bearer to have your access token. Open your browser's debug tools, press the Call API EndPoint button and look at your network tab. 

GET /api/userinfo HTTP/1.1
Host: https://localhost:3000
Authorization: Bearer

User Information

Underneath your brower's network tab you will see the following JSON response from a successful API endpoint call.

Access Token

Underneath your browser's network tab you will see the following response with your access token, refresh token, expiration time, and token type

You can use your access token to call an endpoint such as a user info endpoint. To do this, set the Authorization Bearer to have your access token. Press the Call API EndPoint button and look at your network tab. 

GET /api/userinfo HTTP/1.1
Host: https://localhost:3000
Authorization: Bearer