usage of /oauth/authorize vs /oauth/token ?
sridhar1982 opened this issue · 1 comments
sridhar1982 commented
This is again a question:
In this excellent material, @royclarkson has shown how to use /oauth/token
to get the access token:
```
curl -X POST -vu clientapp:123456 http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=spring&username=roy&grant_type=password&scope=read%20write&client_secret=123456&client_id=clientapp"
```
I noticed in this tutorial and in here that two steps are involved in getting an access token:
1. get an access code
http://localhost:9999/uaa/oauth/authorize?response_type=code&client_id=acme&redirect_uri=http://example.com
2. exchange access code for access token
```
$ curl acme:acmesecret@localhost:9999/uaa/oauth/token \
    -d grant_type=authorization_code -d client_id=acme \
    -d redirect_uri=http://example.com -d code=jYWioI
```
(these curls are from the second link above)
Why is that two-step process involved, while in this spring-rest-service-oauth the access token is directly retrieved instead of first retrieving a code and then exchanging the code for an access token?
liuyatao commented
@sridhar1982 This is also what I am confused about. And thanks for your tutorial.