Examples

As shown in the following figure, accessing data from the OAuth 2.0 authorization server takes two main steps:

  1. Use the HTTP POST method to request the access token from the authorization server;

  2. Set the access token in the HTTP Authorization header, and use the GET method to request the data from the resource server.


The following examples demonstrate how to get data using different grant types:

  • Resource Owner Password Credentials Grant

  • Client Credentials Grant

  • Extension Grant

The examples use the following authorization server URLs and parameters.

  For requesting access token

Token URL and settings:

  TokenLocation="https://authserver.appeon.com/oauth2/token"

  ClientID="367c4163ddc1427d96655cd220c6714b"

  Secret="4079f8749939446cbc81fd0c27709187"

Format: JSON

Required Authentication: Yes ("Basic ...")

Parameters:

Resource Owner Password Credentials Grant (GrantType="password"):

  • UserName="username" in the following example.

  • Password="password123" in the following example.

  • Scope="testcode" in the following example. This parameter is optional.

Client Credentials Grant (GrantType="client_credentials"):

  • Scope="dscode dsperf" in the following example. This parameter is optional.

Extension Grant (GrantType="refresh_token"):

  • refresh_token="8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"

  • Scope="testcode upcode profile offline_access" in the following example. This parameter is optional.

Successful Responses:

Returns the following value and JSON string on success:

200 OK {"access_token": "0374672c0f9a83d7e808725bd8ea748a250f2b8e151b9d93f2afa7805ec2dd52", "expires_in": 3600, "token_type": "Bearer", "refresh_token": "8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"}


  For requesting resource

Resource URL: https://authserver.appeon.com/order/getall

Format: JSON

Required Authentication: Yes ("Bearer ...")

Successful Responses:

Returns the following value and JSON string on success:

200 OK [{"person_Title": "Mr.", "person_Firstname": "Kevin", "person_Middlename": "F.", "person_Lastname": "Browne", "customer_Modifieddate": "2014-09-12T11:15:07.263", "customer_Customerid": 29592, "sumamt": 80468.2110, "avgamt": 10058.5263}]


Resource Owner Password

For the Resource Owner Password grant type (granttype = "password"), three examples are provided:

  • Example 1 using OAuthClient object (recommended)

  • Example 2 using HTTPClient object

  • Example 3 using OAuthClient and HTTPClient objects

Example 1 (using OAuthClient) (recommended)

OAuthClient      loac_Client
TokenRequest     ltr_Request
TokenResponse    ltr_Response
OAuthRequest     loar_Request
ResourceResponse lrr_Response
String           ls_AccessToken
String           ls_Body, ls_type, ls_description, ls_uri, ls_state
Long             ll_return

loac_Client = Create OAuthClient

//Step 1: Get the RESTful server access token.
ltr_Request.tokenlocation = "https://authserver.appeon.com/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.UserName = "username"
ltr_Request.Password = "password123"
ltr_Request.scope = "testcode"
ltr_Request.granttype = "password"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
         ll_Return = ltr_Response.GetBody(ls_Body)
         If ll_Return = 1 Then
                   ls_AccessToken = ltr_Response.GetAccessToken()

                   //Step 2: Get the RESTful server resource.                   
                   loar_Request.Method = "GET"
                   loar_Request.Url = "https://authserver.appeon.com/order/getall"
                   loar_Request.SetAccessToken( ls_AccessToken )
                   ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
                   If ll_Return = 1 Then
                            ll_Return = lrr_Response.GetBody(ls_Body)
                            If ll_Return = 1 Then
                                     MessageBox ( "Resource", ls_Body )
                            End If
                   Else
                            MessageBox( "RequestResource Failed", "Return :" + String ( ll_return ) + "~r~n" + lrr_Response.GetStatusText() )
                   End If
                   
         End If
Else
         ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
         MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then DesTroy ( loac_Client )

Example 2 (using HTTPClient)

HttpClient      lhc_Client
CoderObject     lco_Code
Jsonpackage     ljpg_json
String          ls_ClientID, ls_Sercet, ls_Auth, ls_Url, ls_PostData, ls_UserName, ls_Password, ls_scope, ls_Body, ls_Error
String          ls_Token, ls_TokenType, ls_AccessToken
Blob            lblb_data
Long            ll_return

lhc_Client = Create HttpClient
lco_Code = Create CoderObject
ljpg_json = Create Jsonpackage

//Step 1: Get the RESTful server access token.
//Url
ls_Url = "https://authserver.appeon.com/oauth2/token"
//Authorization
ls_ClientID = "367c4163ddc1427d96655cd220c6714b"
ls_Sercet = "4079f8749939446cbc81fd0c27709187"
lblb_data = Blob ( ls_ClientID + ":" + ls_Sercet, EncodingUTF8! )
ls_Auth = lco_Code.Base64Encode( lblb_data )
lhc_Client.SetRequestHeader( "Authorization", "Basic " + ls_Auth )
lhc_Client.SetRequestHeader( "Content-Type", "application/x-www-form-urlencoded" )
//PostData
ls_UserName = "username"
ls_Password = "password123"
ls_scope = "testcode"
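//URL-encode every value so reserved characters (&, =, +) in them cannot alter the form body
ls_PostData = "grant_type=password&username=" + lco_Code.UrlEncode( Blob(ls_UserName,EncodingUTF8!)) + "&password=" + lco_Code.UrlEncode( Blob(ls_Password,EncodingUTF8!)) + "&scope=" + lco_Code.UrlEncode( Blob(ls_scope,EncodingUTF8!))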

ll_return = lhc_Client.SendRequest( "POST", ls_Url, ls_PostData )
If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
         lhc_Client.GetResponseBody ( ls_body )
         ls_Error = ljpg_json.loadString ( ls_body )
         If ls_Error = "" then
                   ls_TokenType = ljpg_json.GetValue("token_type")
                   ls_Token = ljpg_json.GetValue("access_token")
                   ls_AccessToken = ls_TokenType + " " + ls_Token

                   //Step 2: Get the RESTful server resource.
                   ls_Url = "https://authserver.appeon.com/order/getall"
                   lhc_Client.ClearRequestHeaders()
                   lhc_Client.SetRequestHeader( "Authorization", ls_AccessToken )
                   ll_return = lhc_Client.SendRequest( "GET", ls_Url )
                   If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
                            lhc_Client.GetResponseBody ( ls_body )
                            MessageBox ( "Resource", ls_body )
                   Else
                            MessageBox( "ResourceResponse Failed", "Return :" + String ( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
                   End If
                   
         Else
                   MessageBox( "Error", ls_Error )
         End If
Else
         MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
End If

If IsValid ( lco_Code ) Then DesTroy ( lco_Code )
If IsValid ( ljpg_json ) Then DesTroy ( ljpg_json )
If IsValid ( lhc_Client ) Then DesTroy ( lhc_Client )
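
The request that Example 2 assembles by hand, shown at wire level in Python as an added example (not Appeon's code). It compares a form body built by plain string concatenation with one where every value is percent-encoded, using a constructed password that contains reserved characters; the function names are illustrative.

```python
import base64
from urllib.parse import parse_qs, urlencode

# Sample values from this page's parameter table.
CLIENT_ID = "367c4163ddc1427d96655cd220c6714b"
SECRET = "4079f8749939446cbc81fd0c27709187"


def basic_auth(client_id, secret):
    """Authorization header value: Base64 of "client_id:secret" in UTF-8."""
    raw = f"{client_id}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def body_concatenated(username, password, scope):
    """Fields joined by string concatenation, nothing percent-encoded."""
    return ("grant_type=password&username=" + username +
            "&password=" + password + "&scope=" + scope)


def body_encoded(username, password, scope):
    """Every value percent-encoded before it is joined into the body."""
    return urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": scope})


def server_view(body):
    """Decode the body the way a form parser on the token endpoint would."""
    pairs = parse_qs(body, keep_blank_values=True)
    return {name: values[0] for name, values in pairs.items()}


def bearer_header(token_response):
    """Step 2 header, built only from a well-formed Bearer token response."""
    if token_response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if not token_response.get("access_token"):
        raise ValueError("missing access_token")
    return "Bearer " + token_response["access_token"]


if __name__ == "__main__":
    pw = "pass&word+1"  # constructed password with reserved characters
    print(basic_auth(CLIENT_ID, SECRET))
    # Unencoded: the server sees password="pass" plus a stray "word 1" field.
    print(server_view(body_concatenated("username", pw, "testcode")))
    # Encoded: the server recovers the password exactly as typed.
    print(server_view(body_encoded("username", pw, "testcode")))
```
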

Example 3 (using OAuthClient and HTTPClient)

OAuthClient   loac_Client
TokenRequest  ltr_Request
TokenResponse ltr_Response
HttpClient    lhc_Client
String        ls_AccessToken, ls_TokenType
String        ls_Body, ls_type, ls_description, ls_uri, ls_state, ls_Url
Long          ll_return

loac_Client = Create OAuthClient
lhc_Client = Create HttpClient

//Step 1: Get the RESTful server access token.
ltr_Request.tokenlocation = "https://authserver.appeon.com/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.UserName = "username"
ltr_Request.Password = "password123"
ltr_Request.scope = "testcode"
ltr_Request.granttype = "password"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
         ls_AccessToken = ltr_Response.GetAccessToken()
         ls_TokenType = ltr_Response.GetTokenType( )
         
         //Step 2: Get the RESTful server resource.
         ls_Url = "https://authserver.appeon.com/order/getall"
         lhc_Client.ClearRequestHeaders()
         lhc_Client.SetRequestHeader( "Authorization", ls_TokenType + " " + ls_AccessToken )
         ll_return = lhc_Client.SendRequest( "GET", ls_Url )
         If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
                   lhc_Client.GetResponseBody ( ls_body )
                   MessageBox ( "Resource", ls_body)
         Else
                   MessageBox( "ResourceResponse Failed", "Return :" + String ( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
         End If
         
Else
         ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
         MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then DesTroy ( loac_Client )
If IsValid ( lhc_Client ) Then DesTroy ( lhc_Client )

Client Credentials Grant

For the Client Credentials Grant type (granttype = "client_credentials"), one example is provided, which uses the OAuthClient object.

Example (using OAuthClient)

OAuthClient   loac_Client
TokenRequest  ltr_Request
TokenResponse ltr_Response
OAuthRequest  loar_Request
ResourceResponse lrr_Response
String        ls_AccessToken
String        ls_Body, ls_type, ls_description, ls_uri, ls_state
Long          ll_return

loac_Client = Create OAuthClient

//Step 1: Get the RESTful server access token.
ltr_Request.tokenlocation = "https://authserver.appeon.com/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.scope = "dscode dsperf"
ltr_Request.granttype = "client_credentials"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
         ll_Return = ltr_Response.GetBody(ls_Body)
         If ll_Return = 1 Then
                   ls_AccessToken = ltr_Response.GetAccessToken()

                   //Step 2: Get the RESTful server resource.
                   loar_Request.Method = "GET"
                   loar_Request.Url = "https://authserver.appeon.com/order/getall"
                   loar_Request.SetAccessToken( ls_AccessToken )
                   ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
                   If ll_Return = 1 Then
                            ll_Return = lrr_Response.GetBody(ls_Body)
                            If ll_Return = 1 Then
                                     MessageBox ( "Resource", ls_Body )
                            End If
                   Else
                            MessageBox( "RequestResource Failed", "Return :" + String ( ll_return ) + "~r~n" + lrr_Response.GetStatusText() )
                   End If
                   
         End If
Else
         ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
         MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then DesTroy ( loac_Client )

Extension Grant

For the Extension Grant type (granttype = "refresh_token"), one example is provided, which uses the OAuthClient object.

Example (using OAuthClient)

OAuthClient   loac_Client
TokenRequest  ltr_Request
TokenResponse ltr_Response
OAuthRequest  loar_Request
ResourceResponse lrr_Response
CoderObject   lco_Code
String        ls_AccessToken, ls_refresh_token, ls_ClientID, ls_Sercet, ls_Auth
String        ls_Body, ls_type, ls_description, ls_uri, ls_state
Long          ll_return
Blob          lblb_data

loac_Client = Create OAuthClient
lco_Code = Create CoderObject

//Step 1: Get the RESTful server access token.
//Authorization
ls_ClientID = "367c4163ddc1427d96655cd220c6714b"
ls_Sercet = "4079f8749939446cbc81fd0c27709187"
lblb_data = Blob ( ls_ClientID + ":" + ls_Sercet, EncodingUTF8! )
ls_Auth = lco_Code.Base64Encode( lblb_data )
ltr_Request.SetHeader( "Authorization", "Basic " + ls_Auth )
ltr_Request.SetHeader( "Content-Type", "application/x-www-form-urlencoded" )

ltr_Request.tokenlocation = "https://authserver.appeon.com/oauth2/token"
ltr_Request.Method = "POST"
ltr_Request.secureprotocol = 0
ltr_Request.scope = "testcode upcode profile offline_access"
ltr_Request.granttype = "refresh_token"

ls_refresh_token = "8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"
ltr_Request.AppendParam("refresh_token",ls_refresh_token )

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 and ltr_Response.GetStatusCode () = 200 Then
         ll_Return = ltr_Response.GetBody(ls_Body)
         If ll_Return = 1 Then
                   ls_AccessToken = ltr_Response.GetAccessToken()

                   //Step 2: Get the RESTful server resource.                   
                   loar_Request.Method = "GET"
                   loar_Request.Url = "https://authserver.appeon.com/order/getall"
                   loar_Request.SetAccessToken( ls_AccessToken )
                   ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
                   If ll_Return = 1 Then
                            ll_Return = lrr_Response.GetBody(ls_Body)
                            If ll_Return = 1 Then
                                     MessageBox ( "Resource", ls_Body )
                            End If
                   Else
                            MessageBox( "RequestResource Failed", "Return :" + String ( ll_return ) + "~r~n" + lrr_Response.GetStatusText() )
                   End If
                   
         End If
Else
         ll_Return = ltr_Response.GetTokenError(ls_type, ls_description, ls_uri, ls_state)
         MessageBox( "AccessToken Failed", "Return :" + String ( ll_return ) + "~r~n" + ls_description )
End If

If IsValid ( loac_Client ) Then DesTroy ( loac_Client )
If IsValid ( lco_Code ) Then DesTroy ( lco_Code )