Releases: git-ced/gurant
v1.1.3
Description
This release will only cover the OAuth 2.0 Flow for the Authorization Code Grant Specification.
Available Endpoints
Resource Owner Endpoints
GET /user
Fetches the resource owner's profile details.
Response Payload
| property | type | description |
|---|---|---|
| id | string | the resource owner's identifier |
| created_at | timestamp | timestamp when the resource is created |
| updated_at | timestamp | timestamp when the resource is updated |
| display_name | string | the resource owner's display name |
| email | string | the resource owner's email |
| client_live | object | refer to the table below |
| client_test | object | refer to the table below |
Client Object
| property | type | description |
|---|---|---|
| id | string | the client identifier |
| created_at | timestamp | timestamp when the resource is created |
| updated_at | timestamp | timestamp when the resource is updated |
| secret | string | the client secret |
| is_live | boolean | determines whether the credentials are for a live or test environment |
| redirect_uri | string | the client's redirect endpoint |
POST /user
Register clients after the user has been registered. Requires the user's Firebase token to their info.
Request Payload
| property | type | description |
|---|---|---|
| redirect_uri | string | the user-specified redirect endpoint |
Response Payload
| property | type | description |
|---|---|---|
| id | string | the resource owner's identifier |
| created_at | timestamp | timestamp when the resource is created |
| updated_at | timestamp | timestamp when the resource is updated |
| display_name | string | the resource owner's display name |
| email | string | the resource owner's email |
| client_live_id | string | the resource owner's live client identifier |
| client_test_id | string | the resource owner's test client identifier |
PUT /user/clients/:client_id
Updates the specified client's redirect endpoint. Requires a Firebase token for authorization.
Request Payload
| property | type | description |
|---|---|---|
| redirect_uri | string * | the new redirect endpoint for the client |
Response Payload
| property | type | description |
|---|---|---|
| id | string | the updated client's client identifier |
| redirect_uri | string | the new redirect endpoint for the client |
OAuth 2.0 Endpoints
GET /oauth2/authorize
Retrieves the authorization code after the authorization grant. Requires Firebase token authorization.
Request Parameters
| property | type | description |
|---|---|---|
| response_type | string * | value MUST be code |
| client_id | string * | the registered client's client identifier |
| redirect_url | string * | value MUST be the same as the client's redirect_url |
| scope | string * | the scope to which the authorization applies |
| state | string | additional state to be passed, could be user info |
Response Parameters
The response is the redirect URL with the parameters below injected.
| property | type | description |
|---|---|---|
| code | string | the authorization code that will be exchanged for the access token |
| state | string | value MUST be the same as the state parameter passed in the request |
POST /oauth2/token?grant_type=authorization_code
This endpoint is responsible for generating tokens using the previously generated authorization code.
This also requires client authentication (HTTP Basic Auth).
The generated access and refresh tokens comply with the JSON Web Token (JWT) Specification.
Request Parameter
| property | type | description |
|---|---|---|
| grant_type | string * | the type of request that determines how the access token should be generated, value MUST be authorization_code |
| code | string * | the authorization code that will be exchanged for the access token |
| redirect_uri | string * | the redirect endpoint used in the previous authorization grant |
| client_id | string * | the registered client's client identifier |
Response Payload
| property | type | description |
|---|---|---|
| access_token | string | the access token used to access protected resources |
| refresh_token | string | the refresh token used to refresh an access token |
| scope | string | the scope to which the access applies |
| expires_in | number | the lifetime in seconds of the access token |
| token_type | string | the type of the access token, value is always bearer |
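The authorization code exchange described by the two OAuth 2.0 endpoints above, seen from the client's side, as an added example that is not part of the gurant project's code. The host, client credentials and callback values are placeholders, `state` is used here as a random anti-CSRF value, and sending the token parameters in a form-encoded body is an assumption the page does not confirm.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs
from urllib.request import Request

BASE = "https://gurant.example"  # assumption: placeholder host, not from the page


def build_authorize_url(client_id, redirect_url, scope):
    """Return (url, state); keep state in the user's session until the callback."""
    state = secrets.token_urlsafe(32)  # unguessable, bound to this browser session
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_url": redirect_url,  # parameter name as documented for this endpoint
        "scope": scope,
        "state": state,
    })
    return f"{BASE}/oauth2/authorize?{query}", state


def extract_code(callback_url, expected_state):
    """Validate the redirect received by the client and return the authorization code."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means the response is not for this session.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("missing or duplicated code")
    return codes[0]


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Build (not send) the token request with HTTP Basic client authentication."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must match the value used at /oauth2/authorize
        "client_id": client_id,
    }).encode()
    # Assumption: parameters travel in a form-encoded body, as in RFC 6749.
    return Request(
        f"{BASE}/oauth2/token?grant_type=authorization_code",
        data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )
```

The client secret stays on the server side of the client and only ever appears in the `Authorization` header of the token request, never in the browser redirect.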
POST /oauth2/token?grant_type=refresh_token
This endpoint is responsible for generating tokens using a refresh_token.
This also requires client authentication (HTTP Basic Auth).
Request Parameter
| property | type | description ...