@tuxpiper
Last active June 21, 2016 15:54
ushahidi_v3_oauth_token.md

Obtaining access token and refresh token

request headers:

POST /oauth/token HTTP/1.1
Host: ( your API server host here, e.g. api.localhost:8080 )
Accept: application/json, text/plain, */*
Content-Type: application/json;charset=UTF-8

request body:

{ "client_id": "ushahidiui",
  "client_secret": "35e7f0bca957836d05ca0492211b0ac707671261",
  "grant_type": "password",
  "username": "admin",
  "password": "admin",
  "scope": "posts media forms api tags savedsearches sets users stats layers config messages notifications contacts roles permissions csv dataproviders" }

which should give you a response like:

response body:

{ "access_token":"SrSAFFcWZXkhHuASUyJG2j2aCytzE1L3qzpEEjY7",
  "token_type":"Bearer",
  "expires":1466519207,
  "expires_in":3600,
  "refresh_token":"crxDIzabItL76J3FVr3Br9CVcRKbhEOzC397gLyY",
  "refresh_token_expires_in":604800 }

You can authorize further requests to the API (listing posts, creating posts, etc.) with the access token (access_token) provided in the response. To do that, add an Authorization header carrying the access token to each of your API requests. In our example, that header would be:

Authorization: bearer SrSAFFcWZXkhHuASUyJG2j2aCytzE1L3qzpEEjY7

Refreshing the access token

Once the access token is about to expire, you can get a new one by sending another request, very similar to the first one, changing only some of the information sent. Instead of sending the username and password again, you use the refresh_token that you obtained in the first authentication request.

request headers:

POST /oauth/token HTTP/1.1
Host: ( your API server host here, e.g. api.localhost:8080 )
Accept: application/json, text/plain, */*
Content-Type: application/json;charset=UTF-8

request body:

{ "client_id": "ushahidiui",
  "client_secret": "35e7f0bca957836d05ca0492211b0ac707671261",
  "grant_type": "refresh_token",
  "refresh_token": "crxDIzabItL76J3FVr3Br9CVcRKbhEOzC397gLyY" }

which should give you a response like:

response body:

{ "access_token":"HcswOL9C4P5Rif2XKhwayX0RbCdPXeudHRJxycMb",
  "token_type":"Bearer",
  "expires":1466526852,
  "expires_in":3600}

You can keep refreshing the access token until the refresh token expires (7 days). Once the refresh token has expired, you have to log in again with the username and password credentials.
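The two flows above combined into one client-side helper, as an added example (not part of the original gist or of Ushahidi's code): it requests a token with the password grant, renews it with the refresh_token grant shortly before expires_in runs out, and falls back to the password grant once the refresh token's own lifetime has passed. The names TokenManager, http_post_json, post, clock and skew are hypothetical; the field names are the ones in the request and response bodies shown above.

```python
import json
import time
import urllib.request


def http_post_json(url, payload):
    """Default transport: POST a JSON body, return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json;charset=UTF-8",
                 "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


class TokenManager:
    """Tracks both token lifetimes and picks the grant for /oauth/token."""

    def __init__(self, base_url, client_id, client_secret, username, password,
                 scope, post=http_post_json, clock=time.time, skew=60):
        self.url = base_url.rstrip("/") + "/oauth/token"
        self.client = {"client_id": client_id, "client_secret": client_secret}
        self.login = {"grant_type": "password", "username": username,
                      "password": password, "scope": scope}
        self.post, self.clock, self.skew = post, clock, skew
        self.access = self.refresh = None
        self.access_exp = self.refresh_exp = 0.0

    def _request(self, grant):
        now = self.clock()
        body = self.post(self.url, {**self.client, **grant})
        self.access = body["access_token"]
        self.access_exp = now + body["expires_in"]
        # The sample refresh response above carries no new refresh token,
        # so in that case keep the old one and its original deadline.
        if "refresh_token" in body:
            self.refresh = body["refresh_token"]
            self.refresh_exp = now + body["refresh_token_expires_in"]

    def auth_header(self):
        """Return the Authorization header, renewing the token if needed."""
        now = self.clock()
        if self.access is None or now >= self.access_exp - self.skew:
            if self.refresh and now < self.refresh_exp - self.skew:
                self._request({"grant_type": "refresh_token",
                               "refresh_token": self.refresh})
            else:
                self._request(self.login)
        return {"Authorization": "Bearer " + self.access}
```

Pass the client and user credentials in from the environment or a secrets store rather than hard-coding them, and merge the result of auth_header() into the headers of each API request.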

client_id and client_secret

The values in the example are the values that are set up by default in any Ushahidi Platform installation. You may choose to change them (or even create a new pair) by connecting to your database and altering the contents of the oauth_clients table.
