Add an OAuth Client Scope child doctype instead of a semicolon-separated scopes text field.
Fields in OAuth Client Scope:
Label: Scope, Type: Link, Option: DocType
Check boxes for Read, Write, Create, Delete, etc.
Only allow the resources defined in the scope for the given access_token; right now roles and permissions control access to resources. It should be scope restriction first and then user/role restrictions.
Click the Get New Access Token button and enter the client_id, URLs and scope. Note: redirect_uri must be set to the one given by Postman so that the token is received.
The OAuth 2 token from the request headers is validated on all requests.
This way it works with many standard OAuth2 clients like Python rauth and Postman.
I managed to connect an Android Authenticator/SyncAdapter using the standard OAuth2 flow.
The community is also discussing a Magento OAuth 2 connector.
I kept reading every post related to OAuth2 on the forum, but I'm still scratching my head about what's next.
I have a form login on Android where the user logs in through the API http://frappe.local:8000/api/method/login
I use CookieManager, but I want the user to stay logged in unless they log out. Then I started reading about OAuth2 on the forum, as the session never expires when using refresh_token.
I successfully set up OAuth2 on the server and I expected it to work like this:
The user logs in via the form in the app with username & password, then gets access_token and refresh_token back in the response.
But it seems not. I might misunderstand OAuth2. https://frappe.io/docs/user/en/guides/integration/using_oauth
Can you just tell me the flow of logging the user in by form and getting get_token back?
The following is an explanation of the Authorization Code / Refresh Token grant.
First call: authorize
It checks if the user is logged in;
if the user is logged in and authorizes access to the resource, the server returns an "Authorization Code" to the redirect URI, i.e. your app.
Processing the response of the first call:
There is an endpoint on your app that accepts a GET request. The Auth Code comes back here as a parameter, e.g. /process_code?code=abc123
Second call: get_token
Take the Auth Code caught on the redirect URL endpoint in the processing step above, and ask for a token with this code (make a POST request or use the OAuth client libraries available).
This time the response is the bearer token. Use this bearer_token.access_token for access.
Third call: get_token (on expiry of the previous bearer token)
Use bearer_token.refresh_token to get a new bearer_token seamlessly.
Fourth call (to keep the server clean of used-up tokens; optional but recommended)
You can revoke_token the expired bearer token after you refresh the token.
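The four calls above written out as a small client, added here as an example; it is not code from the post or from Frappe itself. It assumes the endpoints live under /api/method/frappe.integrations.oauth2.* (the method names used in this thread) and accept the standard OAuth 2 parameter names (client_id, response_type, redirect_uri, scope, state, grant_type, code, refresh_token, token); the server responses are a constructed fake so the flow runs offline, and the `state` check on the redirect is an addition the post does not describe.

```python
from urllib.parse import urlencode, urlparse, parse_qs
OAUTH = "/api/method/frappe.integrations.oauth2."   # endpoint prefix assumed from the method names above

class FrappeOAuthClient:
    def __init__(self, base_url, client_id, redirect_uri, post):
        # `post(url, data) -> dict` is injected, e.g. lambda u, d: requests.post(u, data=d).json()
        self.base, self.client_id, self.redirect_uri, self.post = base_url, client_id, redirect_uri, post
        self.token = None   # current bearer_token dict; keep one client instance per signed-in user

    def authorize_url(self, scope, state):
        # first call: open in the user's browser; Frappe shows the allow/deny screen there
        q = dict(client_id=self.client_id, response_type="code", scope=scope,
                 redirect_uri=self.redirect_uri, state=state)
        return self.base + OAUTH + "authorize?" + urlencode(q)

    def code_from_redirect(self, redirect_url, expected_state):
        # processing step: your app's redirect endpoint receives ?code=...&state=...
        q = parse_qs(urlparse(redirect_url).query)
        if q.get("state", [None])[0] != expected_state:   # reject a code we did not ask for
            raise ValueError("state mismatch")
        return q["code"][0]

    def exchange_code(self, code):
        # second call: get_token with the authorization_code grant
        self.token = self.post(self.base + OAUTH + "get_token", dict(grant_type="authorization_code",
                               code=code, client_id=self.client_id, redirect_uri=self.redirect_uri))
        return self.token

    def refresh(self):
        # third call: refresh_token grant; fourth call: revoke the used-up access token
        old, self.token = self.token, self.post(self.base + OAUTH + "get_token", dict(
            grant_type="refresh_token", refresh_token=self.token["refresh_token"], client_id=self.client_id))
        self.post(self.base + OAUTH + "revoke_token", dict(token=old["access_token"]))
        return self.token

    def auth_header(self):   # what every api/resource/... request for this user must carry
        return {"Authorization": "Bearer " + self.token["access_token"]}

def run_flow():
    """Drive the flow against a constructed fake server; returns (final header, revoked tokens)."""
    revoked, n = [], [0]
    def fake_post(url, data):   # constructed stand-in for the Frappe server, not real responses
        if url.endswith("revoke_token"):
            revoked.append(data["token"]); return {}
        n[0] += 1
        return {"access_token": f"AT{n[0]}", "refresh_token": f"RT{n[0]}", "token_type": "Bearer"}
    c = FrappeOAuthClient("http://frappe.local:8000", "my_client_id", "https://app.example/process_code", fake_post)
    code = c.code_from_redirect("https://app.example/process_code?code=abc123&state=xyz", "xyz")
    c.exchange_code(code); c.refresh()
    return c.auth_header(), revoked
```

Each signed-in user gets their own client instance and therefore their own bearer token; sending one stored token for everyone is what makes every request execute as the last authorized user.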
Hi @revant_one
I would like to thank you for your explanation about OAuth 2. I already use it in my mobile app, and followed your instructions in this topic and in the others, but I want more explanation about revoke_token: what is its purpose, and when should I do it?
Also, does OAuth 2 always depend on the cookies and session data?
The last question is about refresh_token: I can't get any response from it, although I used the token returned from get_token as mentioned here https://frappe.io/docs/user/en/guides/integration/using_oauth
but I got this message
The revoke_token endpoint revokes the bearer_token. After using refresh_token and getting a new valid token, revoke the expired token. This way it is cleaned up from the server.
Any client connected using it will be revoked.
If the token is expired, the refresh_token remains valid.
If the token is revoked, the refresh_token can't be used, and revoked tokens will be cleaned up from the server.
No, it doesn't depend on cookies or the session; it just checks for a valid access token in the header instead of a cookie in the header.
The only place where it depends on the browser and cookies is the "authorization screen", the allow/deny app screen.
Under OAuth Client > Advance Settings, select Authorization Code for Grant Type
and Code for Response Type.
@revant_one I have some trouble with the OAuth 2 authorization flow.
Now I use it in my mobile app with the following steps:
get the authorization code and log in using frappe.integrations.oauth2.authorize
get the token for that code using frappe.integrations.oauth2.get_token
call the first Frappe API "api/resource/Attendance" with Authorization: Bearer <bearer_token>
Now the problem is that when another user tries to log in and call an API, it executes as the last authorized user!
Is it important to do the authorize and get-token process in each API call?
Please give me the right way and concept to do that in Frappe.
Thanks
Maysaa