JetBrains Space EAP Help

OAuth 2.0 Authorization

The authorization process consists of the following basic steps regardless of your client application type:

  1. You register your client application in Space, specifying its type and providing permissions to access certain Space resources. At the end of the registration process you are given credentials, such as a client ID and client secret, that you provide to your application.

  2. Your application requests an access token from Space, presenting client ID, client secret, and other credentials depending on the client application type and authorization flows it uses. If authentication is successful, the application is issued a token.

  3. Your application requests access to Space resources presenting the obtained token in an HTTP authorization header.

Authorization scenarios

ApplicationFlow to useClient typeRequired parametersAdditional requirement and restrictions
A rich client web application with all authorization logic in browserImplicit flowJavaScript Web Appgrant_type, client_id, redirect_uriHandle in browser request with a grant from Space
A web application with authorization logic on the server sideAuthorization Code flowServer-side Web Appgrant_type, client_id, client_secret, redirect_uriHandle request with a grant from Space server on server side
A desktop or a mobile application able to request authorization token non-interactivelyRefresh Token flowMobile or Desktop Appgrant_type, client_id, client_secret refresh_token, scopeHandle request with a grant from Space server on server side
A script that needs to access resources on behalf of itselfClient Credentials flowService Accountgrant_type, client_id, client_secretResources that require user authorization cannot be accessed using the Client Credentials flow. Use other flows that allow your script to act on behalf of the user (e.g. Resource Owner Password Credentials flow)
A script that needs to access resources on behalf of some userResource Owner Password Credentials flowService Accountgrant_type, client_id, client_secret, username, password, scopeNone


Space's OAuth 2.0 endpoints for authentication and token are:

Authentication<Space service URL>/oauth/auth
Token<Space service URL>/oauth/token
Last modified: 18 November 2020