mattlevine/OAuth2.md

## OAuth2.md

      
    Raw
  

              OAuth2.md
            
          
    Password

In the Mura admin create a webservice and set it to OAuth2 Password and then use it's client_id and client_secret with this
You can choose to keep the client_secret an actual secret or not. It just depends on if you care if it's wide open or not.
http://localhost:8080/index.cfm/_api/rest/v1/{siteid}/oauth2?client_id={client_id}&client_secret={client_secret}&grant_type=password&username={username}&password={password}
Client Credentials

http://localhost:8080/index.cfm/_api/rest/v1/{siteid}/oauth2?client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials
Implicit

This flow does not expose any sensitive data because JS in the client can't hide secrets

Redirect to login

{web_login}?response_type=token&client_id={client_id}&redirect_uri={redirect_uri}&state={state}
User logs in and is redirected to
{redirect_uri}?token_type=bearer&expires_in={expires_in}&access_token={access_token}&state={state}
Authorization Code


Redirect to login

{web_login}?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}&state={state}


User logs in and is redirected to
{redirect_uri}?code={code}&state={state}


Get access_token with code


http://localhost:8080/index.cfm/_api/rest/v1/{siteid}/oauth2/?grant_type=authorization_code&client_id={client_id}&client_secret={client_secret}&redirect_uri={redirect_uri}&code={code}
Refresh Token

http://localhost:8080/index.cfm/_api/rest/v1/{siteid}/oauth2?client_id={client_id}&client_secret={client_secret}&grant_type=refresh_token&refresh_token={refresh_token}
Token Info

http://localhost:8080/index.cfm/_api/rest/v1/{siteid}/oauth2/tokeninfo?client_id={client_id}&access_token={access_token}