...

All resource requests (API calls) require OAuth2 authentication.
 

Grant Types

...

  1. Authorization Code: This grant type is used when the client wants to request access to protected resources on behalf of another user.
  2. Implicit: This grant type is similar to the Authorization Code grant type, but it is optimized for public clients, such as those implemented in JavaScript or on mobile devices, where client credentials cannot be stored.
  3. User Credentials: This grant type (a.k.a. Resource Owner Password Credentials) is used when the user has a trusted relationship with the client, and so can supply credentials directly.
  4. Client Credentials: This grant type is used when the client is requesting access to protected resources under its control (i.e. there is no third party).
  5. Refresh Token: This grant type is used to obtain additional access tokens in order to prolong the client’s authorization of a user’s resources.

...

example.com/restful_api/authorize
 

Token Endpoint

...

example.com/restful_api/token
 

Tutorials

...

Get Authorization Code

Call the authorize endpoint to get the code.

...

You will receive an access token:

{"access_token":"ACCESS_TOKEN","expires_in":86400,"token_type":"bearer","scope":"null","refresh_token":"REFRESH_TOKEN"}
 

Get implicit

...

example.com/restful_api/authorize?response_type=token&client_id=CLIENT_ID&redirect_uri=app.example.com/callback

...

app.example.com/callback#access_token=ACCESS_TOKEN&expires_in=86400&token_type=bearer
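
A client receiving the callback above should check the fragment before using the token. The following is an added example, not code from the original page or the API's project: `parseImplicitCallback` is a hypothetical name, the `https://` scheme on the sample URL is an assumption, and the `error` fragment parameter is the one RFC 6749 defines for implicit-grant failures.

```javascript
// Added example: validate an implicit-grant callback URL before using the token.
// parseImplicitCallback and its error messages are hypothetical, not part of the API.
function parseImplicitCallback(callbackUrl, nowMs = Date.now()) {
  const url = new URL(callbackUrl);

  // The implicit grant delivers the token in the fragment, which browsers do not
  // send to the server. A token in the query string would land in server logs
  // and Referer headers, so refuse it.
  if (url.searchParams.has('access_token')) {
    throw new Error('access_token must arrive in the fragment, not the query');
  }

  const params = new URLSearchParams(url.hash.replace(/^#/, ''));

  // RFC 6749 reports implicit-grant failures as an "error" fragment parameter.
  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }

  // Exactly one token is expected; duplicates suggest a tampered callback.
  const tokens = params.getAll('access_token');
  if (tokens.length !== 1 || tokens[0] === '') {
    throw new Error('expected exactly one access_token in fragment');
  }

  const tokenType = (params.get('token_type') || '').toLowerCase();
  if (tokenType !== 'bearer') {
    throw new Error('unexpected token_type: ' + tokenType);
  }

  // A missing value becomes Number(null) === 0 and is rejected below.
  const expiresIn = Number(params.get('expires_in'));
  if (!Number.isInteger(expiresIn) || expiresIn <= 0) {
    throw new Error('invalid expires_in');
  }

  return {
    accessToken: tokens[0],
    expiresAt: nowMs + expiresIn * 1000, // absolute expiry in ms since epoch
    authorizationHeader: 'Bearer ' + tokens[0],
    // URL without the fragment; in a browser, pass it to history.replaceState
    // so the token does not remain in the address bar or history.
    cleanUrl: url.origin + url.pathname + url.search,
  };
}

// Constructed sample input, based on the callback shown above.
const sampleCallback =
  'https://app.example.com/callback#access_token=ACCESS_TOKEN&expires_in=86400&token_type=bearer';
```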
 

Get by User credentials

...


$ curl -u CLIENT_ID:CLIENT_SECRET example.com/restful_api/token -d 'grant_type=password&email=USER_EMAIL&password=USER_PASSWORD'

URI Parameters: email, password
 

Get by Client credentials

...


$ curl -u CLIENT_ID:CLIENT_SECRET example.com/restful_api/token -d 'grant_type=client_credentials'

Refresh token

A refresh token must be retrieved using the Authorization Code or User Credentials grant types. This refresh token can then be used to generate a new access token of equal or lesser scope.

...