You will be navigated to a login page for authentication and authorization.
💡 The "Authorization Endpoint" button in the email will invoke an authorization request (implicit grant flow) from your Web browser to Authlete's default authorization endpoint. The actual URL of the request is:
Your browser will be redirected to the client's redirection endpoint that shows an issued access token.
You can find the same access token in the fragment part of the destination URL.
Try “Authorization Code Grant Flow” in addition to Implicit Grant Flow in the previous section.
1. Enter the following URL (authorization request) to your Web browser and submit it.
This request is the same as the previous one except
<SAMPLE_APP_CLIENT_ID> to the appropriate values in your environment.
2. You will be navigated to the login page. Enter the API key and the secret.
3. Your browser will be redirected to the client's redirection endpoint.
Enter the value of
client_id field and click “Submit” button to make a token request.
4. Token response (JSON formatted) will be displayed.
There should be values for
In the previous section, you tried the flow using the default implementation of authorization endpoint. For real deployments, you have freedom of choice to implement your own authorization server using Authlete Web APIs.
This reference implementation uses Authlete as its backend so that it can eliminate efforts to set up a database server as storage of authorization data (e.g. access tokens), configuration data of the authorization server itself as well as client application settings communicating with the server.
So you can download and start the authorization server only with a few commands as shown below:
Please check the documents at java-oauth-server for details.
$ git clone https://github.com/authlete/java-oauth-server.git $ cd java-oauth-server $ vi authlete.properties $ mvn jetty:run
Please check the documents at spring-oauth-server for details.
$ git clone https://github.com/authlete/spring-oauth-server $ cd spring-oauth-server $ vi authlete.properties $ mvn spring-boot:run
Please check the documents at csharp-oauth-server for details.
$ git clone https://github.com/authlete/csharp-oauth-server $ cd csharp-oauth-server/AuthorizationServer $ vi authlete.properties $ dotnet run
Please check the documents at authlete-php-laravel for details.
$ laravel new authorization-server $ cd authorization-server $ composer require authlete/authlete-laravel $ php artisan authlete:authorization-server $ vi config/authlete.php
If you implement your own authorization server using Authlete Web APIs, you don’t have to implement an authentication callback endpoint, but instead you are required to customize some source files related to end-user authentication.