OAuth 2.0 Authorization
The authorization process consists of the following basic steps regardless of your client application type:
You register your client application in Space, specifying its type and providing permissions to access certain Space resources. At the end of the registration process you are given credentials, such as a client ID and client secret, that you provide to your application.
Your application requests an access token from Space, presenting client ID, client secret, and other credentials depending on the client application type and authorization flows it uses. If authentication is successful, the application is issued a token.
Your application requests access to Space resources presenting the obtained token in an HTTP authorization header.
Authorization scenarios
| Application | Flow to use | Client type | Required parameters | Additional requirement and restrictions |
|---|---|---|---|---|
| A rich client web application with all authorization logic in browser | Implicit flow | JavaScript Web App | grant_type, client_id, redirect_uri | Handle in browser request with a grant from Space |
| A web application with authorization logic on the server side | Authorization Code flow | Server-side Web App | grant_type, client_id, client_secret, redirect_uri | Handle request with a grant from Space server on server side |
| A desktop or a mobile application able to request authorization token non-interactively | Refresh Token flow | Mobile or Desktop App | grant_type, client_id, client_secret refresh_token, scope | Handle request with a grant from Space server on server side |
| A script that needs to access resources on behalf of itself | Client Credentials flow | Service Account | grant_type, client_id, client_secret | Resources that require user authorization cannot be accessed using the Client Credentials flow. Use other flows that allow your script to act on behalf of the user (e.g. Resource Owner Password Credentials flow) |
| A script that needs to access resources on behalf of some user | Resource Owner Password Credentials flow | Service Account | grant_type, client_id, client_secret, username, password, scope | None |
Endpoints
Space's OAuth 2.0 endpoints for authentication and token are:
| Endpoint | URL |
|---|---|
| Authentication | <Space service URL>/oauth/auth |
| Token | <Space service URL>/oauth/token |