OAuth Service API Reference

edit

OAuth Service API Reference

edit

The Custom search experiences guide provides conceptual walkthrough of the steps involved in issuing search requests on behalf of users via OAuth.

In this API reference

edit

OAuth Service API Overview

edit

The OAuth Service API provides endpoints to generate user access tokens allowing applications to issue search requests on behalf of an authenticated user. It supports both a confidential flow (which involves generating an authorization code using a Client Secret) and an implicit flow (which allows a user’s client to request access tokens directly).

The available endpoints are as follows:

# Confidential flow
GET /ws/oauth/authorize?response_type=code&client_id=ca6e5332...&redirect_uri=https://one.acme.co
POST /ws/oauth/token?grant_type=authorization_code&client_id=ca6e5332b...&client_secret=c5d51a8c...&redirect_uri=https://one.acme.co&code=78hasd9h324h

# Implicit flow
GET /ws/oauth/authorize?response_type=token&client_id=ca6e5332...&redirect_uri=https://one.acme.co

response_type

required

code for confidential flow, token for implicit flow

client_id

required

Client ID as generated when setting up the OAuth Application

client_secret

required for Confidential

Client Secret as generated when setting up the OAuth Application

redirect_uri

required

Location to redirect user to once the OAuth process completed. Must match a URI as configured in the OAuth Application

code

required

Authorization code as returned by the /authorize endpoint for the confidential flow

grant_type

required

Required for token endpoint for the confidential flow, with value of authorization_code

access_token

response

Token used for issuing search requests on behalf of an authenticated user, generated from a successful OAuth flow

To learn more about setting up and configuring the Search OAuth application, refer to the Configuring the OAuth Application for Search guide.

The Confidential approach is recommended wherever possible, as it provides more control over the generation and refresh of access tokens.


OAuth API Visual Reference

edit
Figure 109. Confidential OAuth flow overview
Figure 110. Implicit OAuth flow overview