Skip to content

Instantly share code, notes, and snippets.

@mattlevine
Last active January 27, 2020 19:08
Show Gist options
  • Save mattlevine/fbbf0220e83c74685f91f812e2e2f19a to your computer and use it in GitHub Desktop.
Save mattlevine/fbbf0220e83c74685f91f812e2e2f19a to your computer and use it in GitHub Desktop.
OAuth2 cheat sheet

Password

In the Mura admin create a webservice and set it to OAuth2 Password and then use it's client_id and client_secret with this

You can choose to keep the client_secret an actual secret or not. It just depends on if you care if it's wide open or not.

http://localhost:8080/index.cfm/_api/rest/v1/{siteid}/oauth2?client_id={client_id}&client_secret={client_secret}&grant_type=password&username={username}&password={password}

Client Credentials

http://localhost:8080/index.cfm/_api/rest/v1/{siteid}/oauth2?client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials

Implicit

This flow does not expose any sensitive data because JS in the client can't hide secrets

  1. Redirect to login

{web_login}?response_type=token&client_id={client_id}&redirect_uri={redirect_uri}&state={state}

User logs in and is redirected to {redirect_uri}?token_type=bearer&expires_in={expires_in}&access_token={access_token}&state={state}

Authorization Code

  1. Redirect to login

{web_login}?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}&state={state}

  1. User logs in and is redirected to {redirect_uri}?code={code}&state={state}

  2. Get access_token with code

http://localhost:8080/index.cfm/_api/rest/v1/{siteid}/oauth2/?grant_type=authorization_code&client_id={client_id}&client_secret={client_secret}&redirect_uri={redirect_uri}&code={code}

Refresh Token

http://localhost:8080/index.cfm/_api/rest/v1/{siteid}/oauth2?client_id={client_id}&client_secret={client_secret}&grant_type=refresh_token&refresh_token={refresh_token}

Token Info

http://localhost:8080/index.cfm/_api/rest/v1/{siteid}/oauth2/tokeninfo?client_id={client_id}&access_token={access_token}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment