
What authorization flows are supported by the Web API?

Last changed on 31/08/2022

The OAuth 2.0 authorization protocol supports four distinct authorization flows. Choosing the right one is very important and depends on the type of application being integrated.

  • Implicit
  • Client credentials
  • Authorization code
  • Authorization code with PKCE

The choice of which flow type to use is made at the time of app creation.

Implicit

Used by mobile or web apps, which run on the client and as such cannot save the client secret.

Client credentials

Used in machine-to-machine communications, scenarios where it is not necessary to give permissions to a particular user.

Authorization code

Used by web applications that run on the server side.

Usage Example

The following example demonstrates a use case of the Implicit authorization flow for authorizing an application.

Code for the client HTML page.

<!DOCTYPE html>
<html>
<head>
    <title>Jasmin</title>

    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    <!-- Bootstrap CSS & JS -->
    <!-- Latest compiled and minified CSS -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">

    <!-- jQuery library -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.0/jquery.min.js"></script>

    <!-- Latest compiled JavaScript -->
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>

    <!-- Mystyle -->
    <link href="main.css" rel="stylesheet" type="text/css" />

    <!-- Our Website scripts -->
    <script src="Index.js"></script>
</head>
<body>
    <div class="container-fluid">
        <div id="aligner">
            <div class="text-center">
                <div class="row">
                    <div class="col-md-12">
                        <h4><B>Demo OAuth 2.0</B></h4>
                        <p>Autenticação com fluxo implicito</p>
                    </div>
                </div>
                <div class="col-md-12">
                    <button onClick="doLogin()" class="btn btn-primary btn-block">Entrar</button>
                </div>
            </div>
        </div>
    </div>
</body>
</html>

JavaScript code that will perform the request.

function doLogin() {

    var CLIENT_ID = 'A chave do seu cliente'; // your client key
    var AUTHORIZATION_ENDPOINT = 'https://identity.primaverabss.com/connect/authorize';
    var CALLBACK_ENDPOINT = 'https://localhost:4200/login.html';

    try {

        // Build the authorization request; encode values so they survive inside the query string
        var authUrl = AUTHORIZATION_ENDPOINT +
        '?response_type=token' +
        '&client_id=' + encodeURIComponent(CLIENT_ID) +
        '&redirect_uri=' + encodeURIComponent(CALLBACK_ENDPOINT) +
        '&scope=rose-api';

        // Redirect the browser to the identity server's login page
        window.location.replace(authUrl);

    }
    catch (err) {
        console.log(err.message);
    }
}

Page styles.

#aligner {
    position: absolute;
    top: 50%;
    left: 50%;
    transform: translateX(-50%) translateY(-50%);
}

#heading {
    padding: 10px;
}

#main-content > .container {
    padding: 0 15px;
}
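
An added example (not part of the original article or of the vendor's code) that extends the request above with a `state` value and shows how the callback page can read the token from the URL fragment, as defined in RFC 6749 section 4.2.2. The function names, the `state` handling and the storage key are assumptions; the endpoint, scope and callback URL are the ones used on this page.

```javascript
// Values marked "from the page" come from the article; everything else is constructed.
var AUTHORIZATION_ENDPOINT = 'https://identity.primaverabss.com/connect/authorize'; // from the page
var CALLBACK_ENDPOINT = 'https://localhost:4200/login.html';                        // from the page

// Random single-use value that ties the response to this browser session.
function newState() {
    var bytes = crypto.getRandomValues(new Uint8Array(16));
    return Array.from(bytes, function (b) {
        return b.toString(16).padStart(2, '0');
    }).join('');
}

// Build the authorization request; URLSearchParams percent-encodes every value.
function buildAuthUrl(clientId, state) {
    var params = new URLSearchParams({
        response_type: 'token',
        client_id: clientId,
        redirect_uri: CALLBACK_ENDPOINT,
        scope: 'rose-api',
        state: state
    });
    return AUTHORIZATION_ENDPOINT + '?' + params.toString();
}

// Parse location.hash on the callback page (RFC 6749, section 4.2.2).
// Returns { ok: true, accessToken, expiresIn } or { ok: false, error }.
function parseCallback(hash, expectedState) {
    var p = new URLSearchParams(hash.replace(/^#/, ''));
    if (p.has('error')) {
        return { ok: false, error: p.get('error') };
    }
    // Reject responses that this session did not start.
    if (!expectedState || p.get('state') !== expectedState) {
        return { ok: false, error: 'state_mismatch' };
    }
    var token = p.get('access_token');
    if (!token) {
        return { ok: false, error: 'missing_token' };
    }
    return { ok: true, accessToken: token, expiresIn: Number(p.get('expires_in')) || 0 };
}

// Browser wiring, as comments so the functions above also run outside a browser
// ('oauth_state' is a hypothetical storage key):
//   before redirect: var s = newState(); sessionStorage.setItem('oauth_state', s);
//                    window.location.replace(buildAuthUrl(CLIENT_ID, s));
//   on login.html:   var r = parseCallback(location.hash, sessionStorage.getItem('oauth_state'));
//                    sessionStorage.removeItem('oauth_state');
//                    history.replaceState(null, '', location.pathname); // drop token from URL
```

Clearing the fragment with `history.replaceState` keeps the access token out of the address bar and browser history once it has been read.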