This document is intended and marked for personal use only.
sails lift
cd examples
node trustedClient.js
http://localhost:81/oauth/authorize?client_id=CLIENT_ID&response_type=code&redirect_uri=http://localhost:1338&scope=http://localhost:81
curl -XPOST -d 'client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=authorization_code&redirect_uri=http://localhost:1338&code=CODE' http://localhost:81/oauth/token
Resource owner password flow (this flow is only available if the client is among the trusted clients)
curl -XPOST "http://localhost:1337/oauth/token" -d "grant_type=password&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&username=USERNAME&password=PASSWORD"
Choose one of the methods above; either one returns an access token and a refresh token in the following JSON format:
{
"access_token":"wz80aFzNidTAE8hE0Yom2bi9zQNQ22VJcAoSN2lxm6vEBHV0N11xmDiW94Q3LZCsACv41H2CPhKeUO95vydzNbSytlyc6BGMRhbYQ5cqRK4klNxect3p6wim1O8COV1rplbcRO99QCBuRDPLo9aS92ThtSjqZK3mCceFabiy566EctdVT8xSBpwzCyqWw9tONedgIrEsL8SMdPNL8hVvDNJ7W77DE2nOZnFhrFYciS7RccPkc7vVuYcJ4Q49xEM",
"refresh_token":"VIuRSlvAYLgn0xMaBHTF0LUxdyqR3i6hNwwEPu5iPqXRXLOftYkKQRuRfMhPqSAaY3Ym1gVKYQqtKrUQLg5xOB0MzBucEMd21Gzy0b5karTuuUrQTPzF96uCztOh37tQxplX9OQSlcO96N7N3RgN06nJxMLFQRZIalZkTtpRBSJc7Vs79tDkOv8dm95WSdYefnfoOuJSeUtc3D5d2XiEWXkjUHS8O5vm9rRhoGrpNAUHfijdLIYR6QzY3urAV5AI",
"expires_in":3600,
"token_type":"Bearer"
}
Once the access_token is retrieved, it needs to be passed in the Authorization header of each request to the API as in the following example:
curl -H 'Authorization: Bearer ACCESS_TOKEN' -XGET "http://localhost:81/api/info"
Open config/policies.js. Applying the 'oauthBearer' policy to a controller action makes that resource OAuth-protected, for example:
InfoController: {
'index': 'oauthBearer'
}
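An added example, not the project's own policy code: a policy with the Sails (req, res, next) signature that lets a request through only when the Authorization header carries a known, unexpired Bearer token. The in-memory token store and the helper names storeToken, parseBearer and deny are assumptions made for the example.

```javascript
// Constructed token store: access token -> { userId, expiresAt (ms since epoch) }.
// Assumption: a real provider would look tokens up in its database instead.
const tokens = new Map();

// Record an issued token, using "expires_in" (seconds) from the token response.
function storeToken(accessToken, userId, expiresIn, now = Date.now()) {
  tokens.set(accessToken, { userId, expiresAt: now + expiresIn * 1000 });
}

// Extract the token from "Authorization: Bearer <token>"; null if absent or malformed.
function parseBearer(header) {
  if (typeof header !== 'string') return null;
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header);
  return m ? m[1] : null;
}

// Reply 401 with a Bearer challenge; include an error code only when one is given.
function deny(res, error) {
  res.set('WWW-Authenticate', error ? `Bearer error="${error}"` : 'Bearer');
  return res.status(401).json({ error: error || 'unauthorized' });
}

// Hypothetical policy body. The fourth parameter exists only so the clock can
// be fixed in tests; Sails itself calls policies with (req, res, next).
function oauthBearer(req, res, next, now = Date.now()) {
  const token = parseBearer(req.headers.authorization);
  if (!token) return deny(res);            // no usable credentials presented
  const entry = tokens.get(token);
  if (!entry || entry.expiresAt <= now) {
    tokens.delete(token);                  // drop unknown or expired entries
    return deny(res, 'invalid_token');
  }
  req.user = { id: entry.userId };         // expose the token owner to the action
  return next();
}
```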