If you’re building a mobile (iPhone, Android, etc.) app, it can be easier to exchange a user’s password and email/username for an access token than to send your user through the traditional OAuth flow.
Sign in as a registered user then visit the new client application page. Enter in the name of your application. For this example, we can use
foo; you can change this later if you desire. Hit enter and you should see a screen that has your application name along with a
client id and a
secret. These behave like a username and password for your OAuth application.
Name: foo client id: 3234myClientId5678 client Secret: 14321myClientSecret8765
Once you’ve registered an app successfully, we can start to build an OAuth application. Don’t continue until you’ve registered a client app.
Note: Replace the client id and secret with your actual client id and secret.
Once you have your id and secret, you can ask the user of your application to provide you with their username and password. For the purposes of this example we will be using the email address
firstname.lastname@example.org and password
Note: Replace the email and password with a real user’s credentials.
Once you have the email/username and password of a user, you can exchange this information for a token by sending the server your client_id & client_secret along with the username and password. Don’t forget to url encode any special characters like
@, and always transmit this sensitive data using a secure protocol (such as https):
The response should be JSON with an access_token:
You can now use the
access_token in the parameters or the header of future requests. See the end of the Quick Start Guide for examples.
In addition to username/password, the owner of this web service may choose to implement other custom exchanges such as Facebook or Twitter token exchange for an access token. You must contact the owner of this web service to see if they support other data when exchanging tokens.
When you do this make sure to pass
grant_type=bearer in the request to
http://opro-demo.herokuapp.com/oauth/token in addition to any required parameters.