2.3 KiB
OAuth
SL currently supports code and implicit flow.
Code flow
To trigger the code flow locally, you can go to the following url after running python server.py:
You should see the authorization page where user is asked for permission to share their data. Once user approves, user is redirected to this url with an authorization code: http://localhost:7000/callback?state=123456&code=the_code
Next, exchange the code to get the token with {code} replaced by the code obtained in previous step. The http tool used here is httpie
http -f -a client-id:client-secret http://localhost:7777/oauth/token grant_type=authorization_code code={code}
This should return an access token that allows to get user info via the following command. Again, http is used.
http http://localhost:7777/oauth/user_info 'Authorization:Bearer {token}'
Implicit flow
Similar to code flow, except for the the access token which we we get back with the redirection.
For implicit flow, you can use this url
OpenID and OAuth2 response_type & scope
According to the sharing web blog titled Diagrams of All The OpenID Connect Flows, we should pay attention to:
response_typecan be eithercode, token, id_tokenor any combination of those attributes.scopemight containopenid
Below are the potential combinations that are taken into account in SL until now:
response_type=code
scope:
with `openid` in scope, return `id_token` at /token: OK
without: OK
response_type=token
scope:
with and without `openid`, nothing to do: OK
response_type=id_token
return `id_token` in /authorization endpoint
response_type=id_token token
return `id_token` in addition to `access_token` in /authorization endpoint
response_type=id_token code
return `id_token` in addition to `authorization_code` in /authorization endpoint