Getting OAuth2 token without redirection

This topic has 3 replies, 2 voices, and was last updated 6 years, 9 months ago by Bill Nelson.

  • Author
    Posts
  • #8292
     babbupandey
    Participant

    I am trying to get a token for a pre-authorised application (the application does not have access-code) using implicit authorisation workflow. The challenge is that I want to get the token without URI redirection. Is there any way I can do that with RESTful API?

    #8311
     Bill Nelson
    Participant

    The “Authorization Code Grant Flow” and the “Implicit Grant Flow” are both flows that involve redirects between the Resource Owner, the Client, and the Authorization Server. The purpose of the redirect_uri in this “dance” is to tell the Authorization Server how to redirect the Resource Owner back to the Client. So if you are using either of these two flows, then no, there is no way not to use the redirect.

    https://tools.ietf.org/html/rfc6749#page-24
    https://tools.ietf.org/html/rfc6749#page-31

    May I suggest that you look at the “Resource Owner Password Credentials Grant Flow” or the “Client Credentials Grant Flow”, instead. Both of these were meant for more programmatic methods of obtaining the Access Token as you describe.

    https://tools.ietf.org/html/rfc6749#page-37
    https://tools.ietf.org/html/rfc6749#page-40

    #8344
     babbupandey
    Participant

    Thanks for your reply Bill. Looks like client_credentials should solve my problem. I will look more into this. I really appreciate your reply.

    #8346
     Bill Nelson
    Participant

    No problem and thanks for the “token” of your appreciation (see what I just did there?). :-)

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?