how to get access token with OAuth

  • Hi there,
    I’m new to wordPress. I’m trying to figure out how to get access token using oauth plugin, I need a way for browser to access the pages in wordPress from my web application.
    I installed wordPress 4.8 free version (download from www.ads-software.com), and then installed oauth plugin. I created a user TestUser, and added this TestUser as a client using Oauth server. I got client id and client secret.

    I found the instruction about getting https://wp-oauth.com/kb/using-postman-and-wp-rest-api/ about getting access token using postman. so from postman
    the instruction does not say url, so I put post url “https://localhost/wordpress/auth”
    method: POST
    authorization:
    type : basic Auth (question here: it is oauth, why we use basic auth??)
    username : I put client id here
    password: I put client secret here
    then postman button “update request” make it as a header for “Authorization”
    header:
    Content-Type : application/x-www-form-urlencoded
    body:
    grant_type=password (??? why grant type is password??)
    username : I put the user name “TestUser”
    password : password for user “TestUser”, this is not client secret

    when I click “send”, I got 404 error.

    I think I don’t fully understand how to get access token here. Can someone help me?
    I also don’t understand this instruction:
    1. what url should be used to get access token with wordPress ?
    2. why authorization header is type “Basic Auth”
    3. I have client id and client secret already, why do I still need to provide userid and password?
    4 where did I do wrong? how I can get access token?

    Thanks a lot,
    Helen

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi Helen,
    1st of all you need https to run oauth correctly. I have create code for genrating access token bellow you can try it. what you will need to get access token by running bellow code then run through postman using that token.
    Note: it’s seprate script you can put in folder anywhere in your hosting.
    1. you need to create index.php file in somewhere in your host. put the bellow code.

    <form action="[your domain]/oauth/authorize?response_type=code&client_id=[your client id]&redirect_uri=[link to script folder]/redirect.php" method="post">
<input type="submit" value="Generate Token" \>
</form>

    2. Create redirct.php file in that folder and put bellow script

    <?php

$curl_post_data = array(
'grant_type' => "authorization_code",
'code' => $_GET["code"],
'redirect_uri' => "[your script folder]/redirect.php"
);
$service_url = '[your domain]/oauth/token';
$curl = curl_init($service_url);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, "[your client id]:[your client password]"); //Your credentials goes here
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

$curl_response = curl_exec($curl);
$response = json_decode($curl_response,true);
curl_close($curl);
echo "<pre>";
var_dump($response);
echo "</pre><hr/>";
echo "<a href='[your script folder]/auth.php?token=".$response['access_token']."'>Get Info</a>";

    3. Finally create auth.php and put the bellow script to check you token is working or not. 

    <?php

$service_url = '[your domain]/oauth/me/?access_token='.$_GET['token'];
$curl = curl_init($service_url);

curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); // If the url has https and you don't want to verify source certificate

$curl_response = curl_exec($curl);

$response = json_decode($curl_response, true);
curl_close($curl);
echo "<pre>";
print_r($response);

    Hope it will help you to configured oauth.

    Thanks
    Irfan

    Thread Starter hchen

    (@hchen)

    Hi Irfan,

    Thanks so much for the info. I’ll try it.
    So that means those authorize, auth scripts have to be developed, not included in oauth, right? I thought they came with oauth server.

    Thanks again,
    Helen

    Plugin Author Justin Greer

    (@justingreerbbi)

    Thanks @irfanbinhakim for the awesome information and support.

    @hchen
    Yes, you will need to create your own client scripts. The good news is that there is a ton of them out there already made. You just have to do some research for the one that you want/need.

    This plugin along only enables WordPress to use OAuth 2.0 as a means of authorization. There is a WP client plugin that works as a WP SSO client as well. You could check out the code base there to get another perspective on how the flow of a client works.

    https://www.ads-software.com/plugins/single-sign-on-client/

    The code examples given above are an awesome layout of how you can use the authorization code grant type. For more examples you can visit https://wp-oauth.com/kb-cat/how-to/

    Thread Starter hchen

    (@hchen)

    Hi Justingreerbbi,

    Thanks so much for the info. I’m learning it now. Will come back with questions.

    Helen

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘how to get access token with OAuth’ is closed to new replies.