As shown in the following figure, accessing data protected by an OAuth 2.0 authorization server takes two main steps:
-
Use the HTTP POST method to request the access token from the authorization server;
-
Set the access token in the HTTP Authorization header, and use the GET method to request the data from the resource server.
The following examples demonstrate how to get data using different grant types:
-
Resource Owner Password Credentials Grant
-
Client Credentials Grant
-
Extension Grant
The examples use the following authorization server URLs and parameters.
For requesting access token | |||
---|---|---|---|
Token URL and settings |
TokenLocation="https://authserver.appeon.com/oauth2/token" ClientID="367c4163ddc1427d96655cd220c6714b" Secret="4079f8749939446cbc81fd0c27709187" |
||
Format |
JSON |
||
Required Authentication |
Yes ("Basic ...") |
||
Parameters |
Resource Owner Password Credentials Grant (GrantType="password"):
|
Client Credentials Grant (GrantType="client_credentials"):
|
Extension Grant (GrantType="refresh_token"):
|
Successful Responses: |
Return the following value and JSON string if succeed: 200 OK {"access_token": "0374672c0f9a83d7e808725bd8ea748a250f2b8e151b9d93f2afa7805ec2dd52", "expires_in": 3600, "token_type": "Bearer", "refresh_token": "8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"} |
For requesting resource | |||
---|---|---|---|
Resource URL |
https://authserver.appeon.com/order/getall |
||
Format |
JSON |
||
Required Authentication |
Yes ("Bearer ...") |
||
Successful Responses: |
Return the following value and JSON string if succeed: 200 OK [{"person_Title": "Mr.", "person_Firstname": "Kevin", "person_Middlename": "F.", "person_Lastname": "Browne", "customer_Modifieddate": "2014-09-12T11:15:07.263", "customer_Customerid": 29592, "sumamt": 80468.2110, "avgamt": 10058.5263}] |
For the Resource Owner Password Credentials Grant type (granttype = "password"), three examples are provided:
-
Example 1 using OAuthClient object (recommended)
-
Example 2 using HTTPClient object
-
Example 3 using OAuthClient and HTTPClient objects
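// Example 1: Resource Owner Password Credentials grant, using OAuthClient for
// both the token request and the resource request.
//
// NOTE(review): the client ID, client secret, user name and password below are
// the sample values published with this example. In a real application read
// them from protected configuration or prompt for them at run time; do not
// compile them into the target.
// NOTE(review): the password grant hands the user's password to the client
// application and is disallowed by current OAuth 2.0 security guidance
// (RFC 9700); prefer another grant where the authorization server offers one.
OAuthClient loac_Client
TokenRequest ltr_Request
TokenResponse ltr_Response
OAuthRequest loar_Request
ResourceResponse lrr_Response
String ls_AccessToken
String ls_Body, ls_type, ls_description, ls_uri, ls_state
Long ll_Return

loac_Client = Create OAuthClient

// Step 1: Get the RESTful server access token.
ltr_Request.tokenlocation = "https://authserver.appeon.com/oauth2/token"
ltr_Request.Method = "POST"
// NOTE(review): 0 presumably lets the client negotiate the secure protocol;
// confirm against the TokenRequest documentation and pin a TLS version if
// policy requires one.
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.UserName = "username"
ltr_Request.Password = "password123"
ltr_Request.scope = "testcode"
ltr_Request.granttype = "password"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 And ltr_Response.GetStatusCode() = 200 Then
    ll_Return = ltr_Response.GetBody( ls_Body )
    If ll_Return = 1 Then
        ls_AccessToken = ltr_Response.GetAccessToken()

        // Step 2: Get the RESTful server resource.
        loar_Request.Method = "GET"
        loar_Request.Url = "https://authserver.appeon.com/order/getall"
        loar_Request.SetAccessToken( ls_AccessToken )

        ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
        // Check the HTTP status as well as the call result, as the token step
        // does, so that an error response (for example a rejected token) is
        // not displayed as if it were the resource.
        If ll_Return = 1 And lrr_Response.GetStatusCode() = 200 Then
            ll_Return = lrr_Response.GetBody( ls_Body )
            If ll_Return = 1 Then
                MessageBox( "Resource", ls_Body )
            Else
                // Report the failure instead of ending silently.
                MessageBox( "Requestresource Failed", "GetBody return :" + String( ll_Return ) )
            End If
        Else
            MessageBox( "Requestresource Failed", "Return :" + String( ll_Return ) + "~r~n" + lrr_Response.GetStatusText() )
        End If
    Else
        // Report the failure instead of ending silently.
        MessageBox( "AccessToken Failed", "GetBody return :" + String( ll_Return ) )
    End If
Else
    // The token endpoint rejected the request: show the error description it returned.
    ll_Return = ltr_Response.GetTokenError( ls_type, ls_description, ls_uri, ls_state )
    MessageBox( "AccessToken Failed", "Return :" + String( ll_Return ) + "~r~n" + ls_description )
End If

If IsValid( loac_Client ) Then Destroy( loac_Client )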
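// Example 2: Resource Owner Password Credentials grant, building the token
// request by hand with HTTPClient, CoderObject and JSONPackage.
//
// NOTE(review): the client ID, client secret, user name and password below are
// the sample values published with this example. In a real application read
// them from protected configuration or prompt for them at run time; do not
// compile them into the target.
HttpClient lhc_Client
CoderObject lco_Code
Jsonpackage ljpg_json
String ls_ClientID, ls_Secret, ls_Auth, ls_Url, ls_PostData
String ls_UserName, ls_Password, ls_scope, ls_Body, ls_Error
String ls_Token, ls_TokenType, ls_AccessToken
Blob lblb_data
Long ll_return

lhc_Client = Create HttpClient
lco_Code = Create CoderObject
ljpg_json = Create Jsonpackage

// Step 1: Get the RESTful server access token.
// Url
ls_Url = "https://authserver.appeon.com/oauth2/token"

// Authorization: HTTP Basic with "client_id:client_secret", Base64-encoded.
ls_ClientID = "367c4163ddc1427d96655cd220c6714b"
ls_Secret = "4079f8749939446cbc81fd0c27709187"
lblb_data = Blob( ls_ClientID + ":" + ls_Secret, EncodingUTF8! )
ls_Auth = lco_Code.Base64Encode( lblb_data )
lhc_Client.SetRequestHeader( "Authorization", "Basic " + ls_Auth )
lhc_Client.SetRequestHeader( "Content-Type", "application/x-www-form-urlencoded" )

// PostData
ls_UserName = "username"
ls_Password = "password123"
ls_scope = "testcode"
// URL-encode every value, not only the scope: a user name or password that
// contains "&", "=", "+" or "%" would otherwise corrupt the form body or add
// parameters to the token request.
ls_PostData = "grant_type=password" &
    + "&username=" + lco_Code.UrlEncode( Blob( ls_UserName, EncodingUTF8! ) ) &
    + "&password=" + lco_Code.UrlEncode( Blob( ls_Password, EncodingUTF8! ) ) &
    + "&scope=" + lco_Code.UrlEncode( Blob( ls_scope, EncodingUTF8! ) )

ll_return = lhc_Client.SendRequest( "POST", ls_Url, ls_PostData )
If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
    lhc_Client.GetResponseBody( ls_Body )
    ls_Error = ljpg_json.LoadString( ls_Body )
    If ls_Error = "" Then
        ls_TokenType = ljpg_json.GetValue( "token_type" )
        ls_Token = ljpg_json.GetValue( "access_token" )
        ls_AccessToken = ls_TokenType + " " + ls_Token

        // Step 2: Get the RESTful server resource.
        ls_Url = "https://authserver.appeon.com/order/getall"
        // Clear the headers first so the Basic header carrying the client
        // secret is not sent along with the resource request.
        lhc_Client.ClearRequestHeaders()
        lhc_Client.SetRequestHeader( "Authorization", ls_AccessToken )

        ll_return = lhc_Client.SendRequest( "GET", ls_Url )
        If ll_return = 1 And lhc_Client.GetResponsestatusCode() = 200 Then
            lhc_Client.GetResponseBody( ls_Body )
            MessageBox( "Resource", ls_Body )
        Else
            MessageBox( "ResourceResponse Failed", "Return :" + String( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
        End If
    Else
        // The token response was not valid JSON.
        MessageBox( "Error", ls_Error )
    End If
Else
    MessageBox( "AccessToken Failed", "Return :" + String( ll_return ) + "~r~n" + lhc_Client.GetResponsestatusText() )
End If

If IsValid( lco_Code ) Then Destroy( lco_Code )
If IsValid( ljpg_json ) Then Destroy( ljpg_json )
If IsValid( lhc_Client ) Then Destroy( lhc_Client )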
// Example 3: Resource Owner Password Credentials grant. OAuthClient obtains the
// token; HTTPClient then sends the resource request with that token in the
// Authorization header.
//
// NOTE(review): the client ID, client secret, user name and password are the
// sample values published with this example; a real application should load
// them from protected configuration rather than from source.
OAuthClient loac_OAuth
HttpClient lhc_Http
TokenRequest ltr_TokenReq
TokenResponse ltr_TokenResp
String ls_Token, ls_Kind, ls_AuthHeader, ls_ResourceUrl
String ls_Payload, ls_ErrType, ls_ErrText, ls_ErrUri, ls_ErrState
Long ll_rc
Boolean lb_TokenOk, lb_ResourceOk

loac_OAuth = Create OAuthClient
lhc_Http = Create HttpClient

// Step 1: Get the RESTful server access token.
ltr_TokenReq.tokenlocation = "https://authserver.appeon.com/oauth2/token"
ltr_TokenReq.Method = "POST"
ltr_TokenReq.secureprotocol = 0
ltr_TokenReq.granttype = "password"
ltr_TokenReq.scope = "testcode"
ltr_TokenReq.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_TokenReq.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_TokenReq.UserName = "username"
ltr_TokenReq.Password = "password123"

ll_rc = loac_OAuth.AccessToken( ltr_TokenReq, ltr_TokenResp )
// Both the call result and the HTTP status must indicate success.
lb_TokenOk = ( ll_rc = 1 And ltr_TokenResp.GetStatusCode() = 200 )

If Not lb_TokenOk Then
    // Token request failed: show the error description from the token endpoint.
    ll_rc = ltr_TokenResp.GetTokenError( ls_ErrType, ls_ErrText, ls_ErrUri, ls_ErrState )
    MessageBox( "AccessToken Falied", "Return :" + String( ll_rc ) + "~r~n" + ls_ErrText )
Else
    ls_Token = ltr_TokenResp.GetAccessToken()
    ls_Kind = ltr_TokenResp.GetTokenType()

    // Step 2: Get the RESTful server resource.
    ls_ResourceUrl = "https://authserver.appeon.com/order/getall"
    // Authorization header is "<token type> <access token>".
    ls_AuthHeader = ls_Kind + " " + ls_Token
    lhc_Http.ClearRequestHeaders()
    lhc_Http.SetRequestHeader( "Authorization", ls_AuthHeader )

    ll_rc = lhc_Http.SendRequest( "GET", ls_ResourceUrl )
    lb_ResourceOk = ( ll_rc = 1 And lhc_Http.GetResponsestatusCode() = 200 )

    If lb_ResourceOk Then
        lhc_Http.GetResponseBody( ls_Payload )
        MessageBox( "Resource", ls_Payload )
    Else
        MessageBox( "ResourceResponse Falied", "Return :" + String( ll_rc ) + "~r~n" + lhc_Http.GetResponsestatusText() )
    End If
End If

// Release the objects created above.
If IsValid( loac_OAuth ) Then Destroy( loac_OAuth )
If IsValid( lhc_Http ) Then Destroy( lhc_Http )
For the Client Credentials Grant type (granttype = "client_credentials"), one example is provided, which uses the OAuthClient object.
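// Client Credentials grant, using OAuthClient for both the token request and
// the resource request. No user name or password is sent; the client
// authenticates with its own ID and secret.
//
// NOTE(review): the client ID and client secret below are the sample values
// published with this example. In a real application read them from protected
// configuration; do not compile them into the target.
OAuthClient loac_Client
TokenRequest ltr_Request
TokenResponse ltr_Response
OAuthRequest loar_Request
ResourceResponse lrr_Response
String ls_AccessToken
String ls_Body, ls_type, ls_description, ls_uri, ls_state
Long ll_Return

loac_Client = Create OAuthClient

// Step 1: Get the RESTful server access token.
ltr_Request.tokenlocation = "https://authserver.appeon.com/oauth2/token"
ltr_Request.Method = "POST"
// NOTE(review): 0 presumably lets the client negotiate the secure protocol;
// confirm against the TokenRequest documentation and pin a TLS version if
// policy requires one.
ltr_Request.secureprotocol = 0
ltr_Request.clientid = "367c4163ddc1427d96655cd220c6714b"
ltr_Request.clientsecret = "4079f8749939446cbc81fd0c27709187"
ltr_Request.scope = "dscode dsperf"
ltr_Request.granttype = "client_credentials"

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 And ltr_Response.GetStatusCode() = 200 Then
    ll_Return = ltr_Response.GetBody( ls_Body )
    If ll_Return = 1 Then
        ls_AccessToken = ltr_Response.GetAccessToken()

        // Step 2: Get the RESTful server resource.
        loar_Request.Method = "GET"
        loar_Request.Url = "https://authserver.appeon.com/order/getall"
        loar_Request.SetAccessToken( ls_AccessToken )

        ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
        // Check the HTTP status as well as the call result, as the token step
        // does, so that an error response (for example a rejected token) is
        // not displayed as if it were the resource.
        If ll_Return = 1 And lrr_Response.GetStatusCode() = 200 Then
            ll_Return = lrr_Response.GetBody( ls_Body )
            If ll_Return = 1 Then
                MessageBox( "Resource", ls_Body )
            Else
                // Report the failure instead of ending silently.
                MessageBox( "Requestresource Failed", "GetBody return :" + String( ll_Return ) )
            End If
        Else
            MessageBox( "Requestresource Failed", "Return :" + String( ll_Return ) + "~r~n" + lrr_Response.GetStatusText() )
        End If
    Else
        // Report the failure instead of ending silently.
        MessageBox( "AccessToken Failed", "GetBody return :" + String( ll_Return ) )
    End If
Else
    // The token endpoint rejected the request: show the error description it returned.
    ll_Return = ltr_Response.GetTokenError( ls_type, ls_description, ls_uri, ls_state )
    MessageBox( "AccessToken Failed", "Return :" + String( ll_Return ) + "~r~n" + ls_description )
End If

If IsValid( loac_Client ) Then Destroy( loac_Client )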
For the Extension Grant type (granttype = "refresh_token"), one example is provided, which uses the OAuthClient object.
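// Extension grant with granttype = "refresh_token": exchanges a previously
// issued refresh token for a new access token, then requests the resource.
// The client authenticates with an HTTP Basic header built by hand.
//
// NOTE(review): the client ID, client secret and refresh token below are the
// sample values published with this example. A refresh token is a long-lived
// credential; in a real application keep it and the client secret in protected
// storage and read them at run time, never compile them into the target.
OAuthClient loac_Client
TokenRequest ltr_Request
TokenResponse ltr_Response
OAuthRequest loar_Request
ResourceResponse lrr_Response
CoderObject lco_Code
String ls_AccessToken, ls_refresh_token, ls_ClientID, ls_Secret, ls_Auth
String ls_Body, ls_type, ls_description, ls_uri, ls_state
Long ll_Return
Blob lblb_data

loac_Client = Create OAuthClient
lco_Code = Create CoderObject

// Step 1: Get the RESTful server access token.
// Authorization: HTTP Basic with "client_id:client_secret", Base64-encoded.
ls_ClientID = "367c4163ddc1427d96655cd220c6714b"
ls_Secret = "4079f8749939446cbc81fd0c27709187"
lblb_data = Blob( ls_ClientID + ":" + ls_Secret, EncodingUTF8! )
ls_Auth = lco_Code.Base64Encode( lblb_data )
ltr_Request.SetHeader( "Authorization", "Basic " + ls_Auth )
ltr_Request.SetHeader( "Content-Type", "application/x-www-form-urlencoded" )

ltr_Request.tokenlocation = "https://authserver.appeon.com/oauth2/token"
ltr_Request.Method = "POST"
// NOTE(review): 0 presumably lets the client negotiate the secure protocol;
// confirm against the TokenRequest documentation and pin a TLS version if
// policy requires one.
ltr_Request.secureprotocol = 0
ltr_Request.scope = "testcode upcode profile offline_access"
ltr_Request.granttype = "refresh_token"
ls_refresh_token = "8a9767b5f7e59245339cb965ce4bfdf589e155535c042a8b2a90d89093eefb7e"
ltr_Request.AppendParam( "refresh_token", ls_refresh_token )

ll_Return = loac_Client.AccessToken( ltr_Request, ltr_Response )
If ll_Return = 1 And ltr_Response.GetStatusCode() = 200 Then
    ll_Return = ltr_Response.GetBody( ls_Body )
    If ll_Return = 1 Then
        ls_AccessToken = ltr_Response.GetAccessToken()

        // Step 2: Get the RESTful server resource.
        loar_Request.Method = "GET"
        loar_Request.Url = "https://authserver.appeon.com/order/getall"
        loar_Request.SetAccessToken( ls_AccessToken )

        ll_Return = loac_Client.RequestResource( loar_Request, lrr_Response )
        // Check the HTTP status as well as the call result, as the token step
        // does, so that an error response (for example a rejected token) is
        // not displayed as if it were the resource.
        If ll_Return = 1 And lrr_Response.GetStatusCode() = 200 Then
            ll_Return = lrr_Response.GetBody( ls_Body )
            If ll_Return = 1 Then
                MessageBox( "Resource", ls_Body )
            Else
                // Report the failure instead of ending silently.
                MessageBox( "Requestresource Failed", "GetBody return :" + String( ll_Return ) )
            End If
        Else
            MessageBox( "Requestresource Failed", "Return :" + String( ll_Return ) + "~r~n" + lrr_Response.GetStatusText() )
        End If
    Else
        // Report the failure instead of ending silently.
        MessageBox( "AccessToken Failed", "GetBody return :" + String( ll_Return ) )
    End If
Else
    // The token endpoint rejected the request: show the error description it returned.
    ll_Return = ltr_Response.GetTokenError( ls_type, ls_description, ls_uri, ls_state )
    MessageBox( "AccessToken Failed", "Return :" + String( ll_Return ) + "~r~n" + ls_description )
End If

If IsValid( loac_Client ) Then Destroy( loac_Client )
If IsValid( lco_Code ) Then Destroy( lco_Code )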