In [1]: import json  # needed for the decoder passed to get_auth_session below
In [2]: from rauth import OAuth2Service
In [3]: frappe_oauth_server = OAuth2Service(client_id='48214acfa6', client_secret=None, name='acumen_erpnext', authorize_url='http://0.0.0.0:8000/api/method/frappe.integrations.oauth2.authorize', access_token_url='http://0.0.0.0:8000/api/method/frappe.integrations.oauth2.get_token', base_url='http://0.0.0.0:8000/api/resource/')
In [4]: redirect_uri = "http://0.0.0.0:8000/redir"
In [5]: params = {'scope': 'project', 'response_type': 'code', 'redirect_uri': redirect_uri}
In [6]: url = frappe_oauth_server.get_authorize_url(**params)
In [7]: url
Out[7]: u'http://0.0.0.0:8000/api/method/frappe.integration_broker.oauth2.authorize?scope=project&redirect_uri=http%3A%2F%2F0.0.0.0%3A8000%2Fredir&response_type=code&client_id=48214acfa6'
In [8]: # the code should be returned upon the redirect from the authorize step, be sure to use it here (hint: it's in the URL!)
In [9]: data = {'code': 'kCtF03mzXKnHobYBnrsoUzT3P7SmS6', 'grant_type': 'authorization_code', 'redirect_uri': redirect_uri}
In [10]: session = frappe_oauth_server.get_auth_session(data=data, decoder=json.loads)
In [11]: print session.get("ToDo", params={"fields": '["name","description"]'}).json()
{u'data': [{u'name': u'469bb963fc', u'description': u'XYZ'}, {u'name': u'9f1f217dbf', u'description': u'PQR'}, {u'name': u'9a631eabee', u'description': u'ABC'}]}
Add an OAuth Client Scope child doctype instead of a semicolon-separated scopes text field.
Fields in OAuth Client Scope:
Label: Scope, Type: Link, Option: DocType
Check boxes for Read, Write, Create, Delete, etc.
Only allow resources defined in the scope for the given access_token; right now roles and permissions are controlling access to resources. It should be scope restriction first and then user / role restrictions.
Click on Get New Access Token button and enter the details about client_id, urls, scope. Note: redirect_uri must be set to the one given by Postman so that the token is received.
The OAuth 2 token from all request headers is validated.
This way it works with many standard OAuth2 clients like python rauth and Postman.
I managed to connect Android Authenticator/SyncAdapter using standard OAuth2 Flow.
The community is also discussing a Magento OAuth 2 connector.
I kept reading every post related to OAuth2 on the forum, but I'm still scratching my head about what's next.
I have a login form on Android through which the user logs in via the API http://frappe.local:8000/api/method/login
I use CookieManager but I want the user to stay logged in unless they log out. Then I started reading about OAuth2 on the forum, as the session never expires by using refresh_token.
I successfully set up OAuth2 on the server and I expected it to work like this:
The user logs in on the form in the app by username & password, then gets access_token and refresh_token back in the response.
But it seems not. I might have misunderstood OAuth2. https://frappe.io/docs/user/en/guides/integration/using_oauth
Can you just tell me the flow of user login by form and getting get_token back?
The following is an explanation of the Authorization Code / Refresh Token grant.
First call: authorize
It checks if the user is logged in;
if the user is logged in and authorizes access to the resource, the server returns an “Authorization Code” to the redirect URI, i.e. your app.
Processing the response of the first call:
There is an endpoint on your app that accepts GET requests. The Auth Code comes back here as a parameter, e.g. /process_code?code=abc123
Second call: get_token
Take the Auth Code caught on the redirect URL endpoint in the processing step above and ask for a token with this code (make a POST request or use the OAuth client libraries available).
This time the response is the bearer token. Use this bearer_token.access_token for access.
Third call: get_token (on expiry of the previous bearer token)
Use bearer_token.refresh_token to get a new bearer_token seamlessly.
Fourth call (to keep the server clean of used-up tokens; optional but recommended)
You can revoke_token the expired bearer token after you refresh the token.
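The four calls above, written out as a small client so the whole round trip can be followed in one place. This is an added example, not code from the thread or from Frappe; it uses the authorize / get_token endpoint paths and the client_id and redirect_uri from the rauth session earlier in the thread, assumes the revoke endpoint is frappe.integrations.oauth2.revoke_token, and adds a state parameter (not mentioned in the thread) so the app can check that the redirect it receives belongs to the authorize request it started. The HTTP POST is injected, and a constructed fake_post stands in for the server so the example runs offline.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

BASE = "http://0.0.0.0:8000/api/method/frappe.integrations.oauth2"  # paths from the thread


class FrappeOAuthClient:
    """Authorization Code grant against Frappe's oauth2 endpoints. `post(url, data) -> dict` is
    injected so the exchange can be exercised without a running server."""

    def __init__(self, client_id, redirect_uri, post):
        self.client_id, self.redirect_uri, self.post = client_id, redirect_uri, post
        self.state = secrets.token_urlsafe(16)  # assumed addition: ties the redirect to this request
        self.token = None

    def authorize_url(self, scope="project"):
        """First call: the URL the user is sent to; the server redirects back with ?code=..."""
        q = {"client_id": self.client_id, "response_type": "code", "scope": scope,
             "redirect_uri": self.redirect_uri, "state": self.state}
        return f"{BASE}.authorize?{urlencode(q)}"

    def handle_redirect(self, redirected_url):
        """Second call: pull the code off the redirect URL and swap it for a bearer token."""
        qs = parse_qs(urlparse(redirected_url).query)
        if qs.get("state", [None])[0] != self.state:
            raise ValueError("state mismatch: redirect was not started by this client")
        self.token = self.post(f"{BASE}.get_token", {
            "grant_type": "authorization_code", "code": qs["code"][0],
            "redirect_uri": self.redirect_uri, "client_id": self.client_id})
        return self.token

    def refresh(self):
        """Third call: trade refresh_token for a fresh bearer token once the old one expires."""
        self.token = self.post(f"{BASE}.get_token", {
            "grant_type": "refresh_token", "refresh_token": self.token["refresh_token"],
            "client_id": self.client_id, "redirect_uri": self.redirect_uri})
        return self.token

    def revoke(self, old_access_token):
        """Fourth call: revoke the used-up token (endpoint name assumed, not from the thread)."""
        return self.post(f"{BASE}.revoke_token", {"token": old_access_token})


def fake_post(url, data):
    """Constructed stand-in for the Frappe server: hands out numbered tokens, touches no network."""
    if url.endswith(".get_token"):
        n = "1" if data["grant_type"] == "authorization_code" else "2"
        return {"access_token": "AT" + n, "refresh_token": "RT" + n,
                "token_type": "Bearer", "expires_in": 3600}
    return {"ok": True}
```

Against a real server, replace fake_post with a function that POSTs the form fields and returns the parsed JSON body.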