OAuth2 authorization workflows require a Client ID and Client Secret. For more information on obtaining and working with an OAuth2 client, see: Managing OAuth Clients. The Client Secret authenticates your application to the token endpoint; keep it in server-side configuration and never embed it in browser or mobile code.


  1. Create a new OAuth Client (see: Managing OAuth Clients). Once the new client has been created, edit the client and update the following:
    • Client Name - A descriptive name for your application. Note: the Client Name is displayed to the user when they are prompted to allow or deny the authorization request, so choose one your users will recognise.
    • Allowed Redirect URI - Add the redirect URI(s) at which your application will receive the authorization code. More than one URI can be entered. The redirect_uri sent with each authorization request is validated against this list, so register only the exact HTTPS URIs your application actually serves: any URI accepted here is a place an authorization code can be delivered to.



  2. Forward the user to the URL: https://secure.gotobilling.com/oauth/v2/auth?client_id=CLIENT_ID&response_type=code&redirect_uri=ALLOWED_REDIRECT_URI. Note: replace CLIENT_ID with your Client ID, and ALLOWED_REDIRECT_URI with one you configured in the previous step (URL-encode it if it contains characters such as "?" or "&"). The redirect in step 4 echoes a state parameter: generate an unguessable value for each login, append it as &state=VALUE, keep it in the user's session, and reject the callback if the echoed value does not match. This binds the returned code to the session that started the request and stops an attacker from injecting a code of their own.

    Based on the example above, we would send the user to the following URL:
    https://secure.gotobilling.com/oauth/v2/auth?client_id=3_63mzt9x8bgkksssosgk8wccskwk0g0o88s88swgwgcww4swkck&response_type=code&redirect_uri=https://my.domain.com/redirect_url


  3. The user is presented with the OmniFund login screen. Once they have authenticated with their username and password, they are asked to Allow or Deny the request from your application.
  4. After selecting Allow or Deny, the user is redirected to the redirect_uri specified in the initial request. On Allow, the authorization code is included as the "code" GET parameter; if the parameter is absent, treat the authorization as failed. Treat the code as a secret: do not log it, and exchange it promptly in step 5.

    In this example our user would be redirected to the following URL:

    https://my.domain.com/redirect_url?state=&code=YzFiMGQ3NzZkYmNlMzAyZGI3Y2IwZDkzMDhlOWFiYjAyYzNlOGRk3YzBkODliMmRhYmVlZjkxMmE2ZDdjMQ


  5. Once you have obtained the code value from the callback's GET parameter, initiate the access token request from your application's server side (the request carries the client secret, so it must never be sent from the browser). Provide the following:

    • client_id & client_secret - the OAuth2 client credentials generated above
    • code - the authorization code obtained from the successful redirect
    • redirect_uri - must be identical to the redirect_uri used in the initial authorization request
    • grant_type - set to "authorization_code"


    Access token request example:
    $ http POST https://secure.gotobilling.com/oauth/v2/token \
        grant_type=authorization_code \
        client_id=3_63mzt9x8bgkksssosgk8wccskwk0g0o88s88swgwgcww4swkck \
        client_secret=4ok2x70rlfokc8g0wws8c8kwcokw80k44sw0so0k \
        code=YzFiMGQ3NzZkYmNlMzAyZGI3Y2IwZDkzMDhlOWFiYjAyYzNlOGRk3YzBkODliMmRhYmVlZjkxMmE2ZDdjMQ \
        redirect_uri=https://my.domain.com/redirect_url
    HTTP/1.1 200 OK
    Cache-Control: no-store, private
    Connection: close
    Content-Type: application/json
    ...
    {
        "access_token": "Mjk0MDQ5MzUyNzA5YjgwYmE0MzhkM2I5NzRmOTJkMWE3Njk5N2Y0ZTAxNTdkNjQwY2Y0YmZhZmJhNjc3NTQ5ZA",
        "expires_in": 3600,
        "refresh_token": "ZjFmNTZjZmQ3NDEyZjdhZDdiOWY2MWZmOGFjOTkyMGVhNmNlYWFkYmE4ZWI0OGI5YjkwNzQyY2NlN2MwMDJkNA",
        "scope": null,
        "token_type": "bearer"
    }
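The five steps above, implemented as the relying-party side of the flow. This is an added example and not OmniFund or GoToBilling code: the endpoint URLs, client credentials and redirect URI are the page's sample values, while the helper names (new_state, build_auth_url, parse_callback, build_token_request, exchange_code) are this example's own. It assumes, as the page does not confirm, that the token endpoint accepts a standard application/x-www-form-urlencoded POST and that the /auth endpoint echoes an arbitrary state value on the redirect. The callback parser deliberately rejects the page's sample redirect (state=) because an empty or mismatched state means the callback was not started by this session.

```python
"""Relying-party side of the OmniFund authorization-code flow (added example)."""
import json
import secrets
import urllib.parse
import urllib.request

# Endpoints named on the page.
AUTH_URL = "https://secure.gotobilling.com/oauth/v2/auth"
TOKEN_URL = "https://secure.gotobilling.com/oauth/v2/token"

# Sample values from the page. In a real deployment the secret lives in
# server-side configuration only, never in code delivered to a browser.
CLIENT_ID = "3_63mzt9x8bgkksssosgk8wccskwk0g0o88s88swgwgcww4swkck"
CLIENT_SECRET = "4ok2x70rlfokc8g0wws8c8kwcokw80k44sw0so0k"
REDIRECT_URI = "https://my.domain.com/redirect_url"


def new_state() -> str:
    """Unguessable per-login value; store it in the user's server-side session."""
    return secrets.token_urlsafe(32)


def build_auth_url(state: str, client_id: str = CLIENT_ID,
                   redirect_uri: str = REDIRECT_URI) -> str:
    """Step 2: the URL the user is forwarded to, with every parameter URL-encoded."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,  # assumption: echoed back unchanged on the redirect
    }
    return AUTH_URL + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 4: pull the code out of the redirect, refusing forged or denied callbacks.

    Raises ValueError on any failure so the caller cannot accidentally proceed.
    """
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    # Constant-time comparison; a missing or different state means this callback
    # was not started by this session (login CSRF / code injection).
    if not expected_state or not secrets.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not bound to this session")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("no authorization code in callback (user denied?)")
    return codes[0]


def build_token_request(code: str, client_id: str = CLIENT_ID,
                        client_secret: str = CLIENT_SECRET,
                        redirect_uri: str = REDIRECT_URI) -> dict:
    """Step 5: the form fields of the token request (mirrors the httpie example)."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the one used in step 2
    }


def exchange_code(code: str, timeout: float = 10.0) -> dict:
    """POST the form to the token endpoint. Network call; server side only.

    Assumption: the endpoint accepts application/x-www-form-urlencoded (RFC 6749).
    """
    body = urllib.parse.urlencode(build_token_request(code)).encode()
    req = urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        tokens = json.loads(resp.read())
    if tokens.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type in token response")
    return tokens  # access_token, expires_in, refresh_token: store server-side


if __name__ == "__main__":
    st = new_state()
    print("send the user to:", build_auth_url(st))
    # Constructed callback: the page's sample code with our state echoed back.
    cb = REDIRECT_URI + "?" + urllib.parse.urlencode(
        {"state": st, "code": "YzFiMGQ3NzZkYmNlMzAyZGI3Y2IwZDkzMDhlOWFiYjAyYzNlOGRk3YzBkODliMmRhYmVlZjkxMmE2ZDdjMQ"})
    print("authorization code:", parse_callback(cb, st))
```

The token response in the example above is served with Cache-Control: no-store for a reason: the access_token is valid for expires_in seconds (3600 here) and the refresh_token is long-lived, so persist both only in server-side storage tied to the user, and never write them to logs or to the browser.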


Refreshing an Access Token

...