Oauth
Adservio currently supports multiple authorization flow.
- Implicit flow
- Authorization Code Flow
- Client Credentials Flow
The Authorization Code Flow is preffered.
Authorization Code Flow
The flow is initialized by redirect the user to https://www.adservio.ro/oauth2/authorize with the required query string parameters (see Authorize endpoint).
After the authentification is done and consent is given for the required permissions the user will be redirected to the redirect_uri with the following parameters added:
- code = the authorization code used in token exchange (see Token endpoint)
- state = the same value as the state parameter received
After the code is received the server should exchange the code for an access token using the Authorize endpoint.
Warning: The token exchange must be on done on server side. Never expose the client_secret.
Authorize Endpoint
Used to initialize an oauth flow. The can be a full page redirect or it can be opened in an appropriately sized modal.
Query string parameters
| Name | Value Type | Validation | Details |
|---|---|---|---|
| response_type | string | Required | values[code,token]; The flow used. Use code for Authorization Code Flow or token for implicit flow. |
| client_id | string | Required | The client id provided by Adservio. |
| redirect_uri | string | Required | The callback URL that the user will be redirected to. Must be preapproved by Adservio. |
| state | string | Optional | Value that will be returned as is. |
Token Endpoint
Used to exchange the authorization code with an access token. This must be called from the backend side of the application using the POST method. Never expose client_secret to the user.
Output example
{access_token: "eyAA.....",expires_at: "2021-12-28 13:33:22"}
POST parameters
| Name | Value Type | Validation | Details |
|---|---|---|---|
| grant_type | string | Required | values[authorization_code]; The flow used. Must be authorization_code. |
| code | string | Required | The authorization code received in the Authorize Flow. |
| client_id | string | Required | The client id provided by Adservio. |
| client_secret | string | Required | The client secret provided by Adservio. |