In this grant type, instead of requesting authorization directly from the resource owner (the resource owner's credentials), the client directs the resource owner to an authorization server. The authorization server acts as an intermediary between the client and the resource owner: it authenticates the resource owner, obtains authorization, and issues an authorization code. As this is a redirection-based flow, the client must be capable of interacting with the resource owner's user-agent (typically a Web browser) and receiving incoming requests (via redirection) from the authorization server.

The client initiates the flow by directing the resource owner's user-agent to the authorization endpoint (you can use the /authorize endpoint for the authorization code grant type of OAuth 2.0). It includes the client identifier, response_type, requested scope, and a redirection URI to which the authorization server sends the user-agent back after granting access. The authorization server authenticates the resource owner (via the user-agent) and establishes whether the resource owner granted or denied the client's access request. Assuming the resource owner grants access, the authorization server then redirects the user-agent back to the client using the redirection URI provided earlier. The redirection URI includes an authorization code.
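The client side of the exchange described above, as an added example that is not part of the original page or of the playground app: it builds the authorization request and validates the redirect that comes back. The `state` parameter is the standard OAuth 2.0 (RFC 6749) anti-CSRF value and is not mentioned on this page; the consumer key, scope and callback URL are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://localhost:9443/oauth2/authorize"  # sample value from this page


def build_authorization_url(client_id, redirect_uri, scope):
    """Return (url, state) for the redirect that starts the flow."""
    state = secrets.token_urlsafe(32)  # unguessable; store it in the user's session
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), state


def handle_callback(callback_url, registered_redirect_uri, expected_state):
    """Validate the redirect from the authorization server and return the code."""
    got = urlsplit(callback_url)
    want = urlsplit(registered_redirect_uri)
    if got[:3] != want[:3]:  # scheme, host:port and path must match exactly
        raise ValueError("callback does not match the registered redirect URI")
    query = parse_qs(got.query)
    # Check state before anything else: a missing or wrong value means this
    # response was not triggered by the current session.
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in query:  # e.g. access_denied when the resource owner refuses
        raise PermissionError(query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:  # reject a missing, empty or repeated code parameter
        raise ValueError("expected exactly one authorization code")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    redirect = "https://client.example/callback"
    url, state = build_authorization_url("CONSTRUCTED_CONSUMER_KEY", redirect, "default")
    print(url)
    print(handle_callback(redirect + "?code=abc123&state=" + state, redirect, state))
```

The returned code is only an intermediate credential; the client still has to exchange it for an access token at the token endpoint.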

...

  1. Log in to the API Manager Store and create a new application.
  2. Go to the Production Keys tab. 
  3. Add the Callback URL of your playground app, select the Code grant type, and click Generate Keys.

    Add the Callback URL of your playground app and click Update.
    Note

    By default the implicit and code grant type selection checkboxes are disabled in the UI. You need to enter the callback URL first to enable selecting the code grant type.


  4. Go to the playground app and click Import Photos.
  5. Give the information in the table below and click Authorize.

    | Field | Sample Value |
    |---|---|
    | Authorization Grant Type | Authorization Code |
    | Client Id | Consumer Key obtained for your application |
    | Scope | The scope you have selected for your application |
    | Callback URL | The callback URL of your application |
    | Authorize Endpoint | https://localhost:9443/oauth2/authorize |

  6. The playground application redirects to the login page. Enter your username and password and click Sign In.
  7. Click Approve to provide access to your information.
    You will receive the access token.

...

    Note

    The Registered Users for Application statistics take the number of users shared by each application. For users to be counted in the statistics, they have to generate access tokens using the Password grant type.