Create a token using OAuth

OAuth is an open standard for authorization. OAuth allows one program to authorize another program to make changes on behalf of an account holder or end-user.

Grant flows

Our OAuth 2 implementation supports the following grant flows from RFC 6749 (https://tools.ietf.org/html/rfc6749):

  • Implicit
  • Resource Owner Password Credentials

Resource owner password credentials grant

The resource owner password credentials (i.e., username and password) can be used directly as an authorization grant to obtain an access token.

$ curl -X POST -u "client_id:secret" \
 http://marketingcontenthub/oauth/token \
 -d grant_type=password -d username={username} -d password={password}

  • client_id (required): the unique ID for the client application, specified when creating the client entity.
  • secret (required): the client secret specified when creating the client entity.
  • username (required): the username of the user to login with.
  • password (required): the password of the user to login with.

Making requests

Once you have an access token, you can include it in the "Authorization" request header:

Authorization: Bearer {access_token}

Refresh tokens

Our access tokens expire in one hour. When this happens you'll get 401 responses. The "authorization code grant" and "resource owner password credentials" grants therefore include a refresh token that can then be used to generate a new access token:

$ curl -X POST -u "client_id:secret" \
 http://marketingcontenthub/oauth/token \
 -d grant_type=refresh_token -d refresh_token={refresh_token}
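
The three steps above (password grant, Bearer header, refresh on expiry or 401) combined in one client, as an added example that is not the product's own code. It assumes the token endpoint returns the RFC 6749 JSON fields access_token, refresh_token and expires_in; TokenClient, post_form and the send callback are hypothetical names.

```python
import base64, json, time, urllib.error, urllib.parse, urllib.request

def post_form(url, form, headers):
    """Default transport: form-encoded POST, returns (status, parsed JSON)."""
    req = urllib.request.Request(url, urllib.parse.urlencode(form).encode(), headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

class TokenClient:
    def __init__(self, base_url, client_id, secret, post=post_form, clock=time.monotonic):
        self.token_url = base_url.rstrip("/") + "/oauth/token"
        basic = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
        self._headers = {"Authorization": "Basic " + basic}  # what curl -u sends
        self._post, self._clock = post, clock
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def _grant(self, form):
        status, body = self._post(self.token_url, form, self._headers)
        if status != 200 or "access_token" not in body:
            raise PermissionError(f"token request failed (HTTP {status})")
        self.access_token = body["access_token"]
        # Keep the current refresh token if the response carries no new one.
        self.refresh_token = body.get("refresh_token", self.refresh_token)
        self.expires_at = self._clock() + body.get("expires_in", 3600)  # page: one hour

    def login(self, username, password):
        self._grant({"grant_type": "password", "username": username, "password": password})

    def refresh(self):
        if not self.refresh_token:
            raise PermissionError("no refresh token; call login() first")
        self._grant({"grant_type": "refresh_token", "refresh_token": self.refresh_token})

    def auth_header(self, skew=60):
        """Bearer header for API calls; refreshes shortly before expiry."""
        if self._clock() >= self.expires_at - skew:
            self.refresh()
        return {"Authorization": "Bearer " + self.access_token}

    def call(self, send):
        """Run send(headers) -> (status, body); on a 401, refresh once and retry."""
        status, body = send(self.auth_header())
        if status == 401:
            self.refresh()
            status, body = send(self.auth_header())
        return status, body
```

Because the transport and clock are injected, the refresh logic can be exercised without a live server; the retry in call() is limited to one attempt so a revoked refresh token fails fast instead of looping.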
