https://jarmx.blogspot.com/2022/10/microservices-security-patterns-and.html
Go to http://localhost:8082/ui :
Internally to make this:
https://YOUR_DOMAIN/authorize?
response_type=code&
client_id=YOUR_CLIENT_ID&
redirect_uri=https://YOUR_APP/callback&
scope=SCOPE&
state=STATE
Ldap user :
Username: henry
Password: 123
And back to client, where we get the authorization code for generated Access Token for access API.
Get the code from URL and then we can generated the Access Token, this way:
curl --request POST \
--url 'https://YOUR_DOMAIN/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=authorization_code \
--data 'client_id=YOUR_CLIENT_ID' \
--data client_secret=YOUR_CLIENT_SECRET \
--data code=YOUR_AUTHORIZATION_CODE \
--data 'redirect_uri=https://YOUR_APP/callback'
POST: http://localhost:8081/auth/oauth/token
If you want to test change the code.
With Access Token we can access for API.
GET: http://localhost:8081/auth/rest/hello?access_token=your_token