This is the part of the authorization flow that takes the user's credentials and redirects an
authorization code back to the web server through the user agent (browser). The web server will use
the authorization code along with client_id and client_secret.
In this tutorial we use the curl command to access the service for demo purposes. In reality,
this should be done in the light-portal login page.
The GET endpoint uses Basic Authorization and the POST endpoint uses Form Authorization.
In most cases, you should use the GET endpoint, as it provides a popup window in
the browser to ask for the username and password, and there is no need to create a login page
and an error page.
The POST endpoint is usually used when you want a customized login page and error page to make
sure users have the same experience as when they browse other parts of your web server. The browser
will have a login form that collects the user credentials and posts them to the OAuth2 server
endpoint. Once the user is authenticated, an authorization code is redirected back to the browser,
using the redirect URI passed in with the request or, if none is passed, the default redirect URI
from the client registration.
As you might guess, this endpoint requires customization of the login page and error page most of
the time. A default login page and error page are provided as starting points for your customized pages.
There is only one admin user after the system is installed and the default password
is “123456”. The password needs to be reset immediately with User Service for
To get an authorization code, put the following URL into your browser.
If this is the first time you hit this URL in the browser, you will get a popup window asking for
user credentials. Now let's use admin/123456 to log in, given that you haven't reset the password
for the admin user yet.
Once authentication is completed, an authorization code will be redirected to your
browser. Something like the following.
If you want to call the GET endpoint from your command line or a script, you can put
the user credentials into the header in the above command. Just make sure you have
a server listening on the redirect URI you have specified.
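
The two pieces a script needs for the GET endpoint, shown as an added example that is not part of the original tutorial or of light-oauth2: the Basic Authorization header value, and a loopback listener on the redirect URI that accepts only the registered path and pulls the code out of the query string. The `/callback` path, the function names and the code value are assumptions constructed for illustration, and the browser redirect is simulated locally.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit


def basic_auth_header(username, password):
    """Authorization header value for HTTP Basic credentials (RFC 7617)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


class RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urlsplit(self.path)
        codes = parse_qs(url.query).get("code", [])
        # Accept only the registered callback path carrying exactly one code.
        if url.path != self.server.callback_path or len(codes) != 1:
            self.send_error(400, "unexpected redirect")
            return
        self.server.auth_code = codes[0]
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):
        pass  # the query string carries the code; keep it out of the log


def deliver(port, target):  # stand-in for the browser following the redirect
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", target)
    conn.getresponse().read()
    conn.close()


def capture_code(target, callback_path="/callback"):
    """Pass one redirect through a loopback listener; return the code or None."""
    server = HTTPServer(("127.0.0.1", 0), RedirectHandler)  # port 0: OS picks
    server.callback_path, server.auth_code, server.timeout = callback_path, None, 5
    browser = threading.Thread(target=deliver, args=(server.server_address[1], target))
    browser.start()
    server.handle_request()
    browser.join()
    server.server_close()
    return server.auth_code


if __name__ == "__main__":
    print("Authorization:", basic_auth_header("admin", "123456"))
    print("captured code:", capture_code("/callback?code=constructed-code-123"))
```

The listener binds to 127.0.0.1 only and suppresses request logging, because the authorization code travels in the query string and would otherwise land in the access log.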