InVID User Registration
Unregistered users can register a new InVID User and it’s Organization through a POST to /inVIDUsers and /organizations respectively. However, the user will not be available to login until an InVID administrator activates the account.
Create Organization
Request
Request Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
|
The requested Content-Type of the response |
Request Fields
Path | Type | Description |
---|---|---|
|
|
The name of the Organization |
|
|
URL of the main page of the Organization |
|
|
A brief description of the Organization |
Example Request
POST /organizations HTTP/1.1
Content-Type: application/json
Accept: application/hal+json
Host: localhost:8080
Content-Length: 205
{"name":"Daily Mail","description":"The Daily Mail is a British daily middle-market tabloid newspaper owned by the Daily Mail and General Trust and published in London.","url":"http:\/\/www.dailymail.com"}
$ curl 'http://localhost:8080/organizations' -i -X POST -H 'Content-Type: application/json' -H 'Accept: application/hal+json' -d '{"name":"Daily Mail","description":"The Daily Mail is a British daily middle-market tabloid newspaper owned by the Daily Mail and General Trust and published in London.","url":"http:\/\/www.dailymail.com"}'
Response
Response Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
Response Fields
Path | Type | Description |
---|---|---|
|
|
The id of the Organization |
|
|
The name of the Organization |
|
|
URL of the main page of the Organization |
|
|
A brief description of the Organization |
|
|
Links to related resources detailed in the next table |
Response Links
Relation | Description |
---|---|
|
The members of this Organization |
Example Response
HTTP/1.1 201 Created
Location: http://localhost:8080/organizations/82f54673-7026-4b97-8e9e-961c93379f65
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 642
{
"id" : "82f54673-7026-4b97-8e9e-961c93379f65",
"name" : "Daily Mail",
"description" : "The Daily Mail is a British daily middle-market tabloid newspaper owned by the Daily Mail and General Trust and published in London.",
"url" : "http://www.dailymail.com",
"_links" : {
"self" : {
"href" : "http://localhost:8080/organizations/82f54673-7026-4b97-8e9e-961c93379f65"
},
"organization" : {
"href" : "http://localhost:8080/organizations/82f54673-7026-4b97-8e9e-961c93379f65"
},
"members" : {
"href" : "http://localhost:8080/organizations/82f54673-7026-4b97-8e9e-961c93379f65/members"
}
}
}
Create InVID User
Request
Request Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
|
The requested Content-Type of the response |
Request Fields
Path | Type | Description |
---|---|---|
|
|
The username to identify this user |
|
|
The user’s email |
|
|
A brief description of the user |
|
|
The password to log in |
|
|
A link to the user’s organization |
Example Request
POST /inVIDUsers HTTP/1.1
Content-Type: application/json
Accept: application/hal+json
Host: localhost:8080
Content-Length: 200
{"password":"secretpassword","organization":"\/organizations\/d269e1e2-d391-49ee-a149-02a4be63f0e2","description":"I'm a journalist for Daily Mail.","email":"george@dailymail.com","username":"George"}
$ curl 'http://localhost:8080/inVIDUsers' -i -X POST -H 'Content-Type: application/json' -H 'Accept: application/hal+json' -d '{"password":"secretpassword","organization":"\/organizations\/d269e1e2-d391-49ee-a149-02a4be63f0e2","description":"I'm a journalist for Daily Mail.","email":"george@dailymail.com","username":"George"}'
Response
Response Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
Response Fields
Path | Type | Description |
---|---|---|
|
|
The id of this user |
|
|
The username to identify this user |
|
|
The real name of this user |
|
|
Indicates whether this account is active or not |
|
|
Email of this user |
|
|
A brief description of this user |
|
|
Links to related resources detailed in the next table |
Response Links
Relation | Description |
---|---|
|
The Organization to which this user belongs |
Example Response
HTTP/1.1 201 Created
Location: http://localhost:8080/inVIDUsers/2900cb0c-4b79-4025-9f3f-095f2f4c2c60
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 695
{
"id" : "2900cb0c-4b79-4025-9f3f-095f2f4c2c60",
"username" : "george@dailymail.com",
"email" : "george@dailymail.com",
"description" : "I'm a journalist for Daily Mail.",
"enabled" : false,
"realUsername" : "George",
"accountNonExpired" : true,
"accountNonLocked" : true,
"credentialsNonExpired" : true,
"_links" : {
"self" : {
"href" : "http://localhost:8080/inVIDUsers/2900cb0c-4b79-4025-9f3f-095f2f4c2c60"
},
"inVIDUser" : {
"href" : "http://localhost:8080/inVIDUsers/2900cb0c-4b79-4025-9f3f-095f2f4c2c60"
},
"organization" : {
"href" : "http://localhost:8080/inVIDUsers/2900cb0c-4b79-4025-9f3f-095f2f4c2c60/organization"
}
}
}
InVID User Authentication
In order to perform authenticated requests to the Rights API, any API user has to send, in the request’s header, a valid OAuth2 access_token, which is provided by the Identity Provider.
Obtain access_token
To obtain an OAuth2 access_token, InVID Users have to perform a POST
request to /oauth/token that includes
in x-www-form-urlencoded format the following parameters:
-
grant_type: The OAuth grant type (e.g. "password")
-
client_id: Your App client_id
-
client_secret: Your App client_secret
-
username: If grant_type is "password", the username of the user to authenticate
-
password: If grant_type is "password", the password of the user to authenticate
There are some predefined InVID users for testing purposes available from: http://www.invid-project.eu/wiki/doku.php?id=wp4#invid_rights_management_services
Request Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
|
The requested Content-Type of the response |
Example Request
POST /oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json;charset=UTF-8
Host: localhost:8080
grant_type=password&client_id=test&client_secret=testpassword&username=journalist%40invid-project.eu&password=password
$ curl 'http://localhost:8080/oauth/token' -i -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: application/json;charset=UTF-8' -d 'grant_type=password&client_id=test&client_secret=testpassword&username=journalist%40invid-project.eu&password=password'
Response Fields
Path | Type | Description |
---|---|---|
|
|
A valid OAuth2 access token for the Rights API |
|
|
A valid OAuth2 refresh token which can be used to obtain a new access_token for the Rights API |
|
|
Type of the provided token |
|
|
Seconds before token expiration |
|
|
Scopes of the access_token |
|
|
Username of the authenticated user |
|
|
ID of the organization of the authenticated user |
|
|
Organization name of the authenticated user |
|
|
ID of the authenticated user |
|
|
Email of the authenticated user |
|
|
JWT ID. It is a unique identifier of the JWT |
Response Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
Example Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 1546
{"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml6YXRpb25JZCI6ImYxY2QwNTg3LWUzZjktNDFkYi1hY2M2LWE3MTdiMzI5NjdkMCIsInVzZXJfbmFtZSI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJvcmdhbml6YXRpb24iOiJEYWlseSBQbGFuZXQiLCJpZCI6ImUwODM4OTYzLWQ1YzUtNGRiYy1hNDNhLWMzYzcwMTNiNzE2MSIsImV4cCI6MTU0NDYxNjkzMCwiYXV0aG9yaXRpZXMiOlsiUk9MRV9JTlZJRCJdLCJqdGkiOiJhOTk0NzBmMC00ZWUxLTRmMDMtODBhOS04ZDNjNmIwNDM5MmIiLCJlbWFpbCI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsImNsaWVudF9pZCI6InRlc3QiLCJ1c2VybmFtZSI6IkNsYXJrIEtlbnQifQ.MKgnVuetSsm7H0YX5e7ODv0rencECFm7Pa5OR3tkVOA","token_type":"bearer","refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml6YXRpb25JZCI6ImYxY2QwNTg3LWUzZjktNDFkYi1hY2M2LWE3MTdiMzI5NjdkMCIsInVzZXJfbmFtZSI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJvcmdhbml6YXRpb24iOiJEYWlseSBQbGFuZXQiLCJhdGkiOiJhOTk0NzBmMC00ZWUxLTRmMDMtODBhOS04ZDNjNmIwNDM5MmIiLCJpZCI6ImUwODM4OTYzLWQ1YzUtNGRiYy1hNDNhLWMzYzcwMTNiNzE2MSIsImV4cCI6MTU0NzIwNTMzMCwiYXV0aG9yaXRpZXMiOlsiUk9MRV9JTlZJRCJdLCJqdGkiOiIyMjhjYjYzZS00OTE3LTQxMTUtYjc5Ny04NjkxYTc1ZDY2ZTEiLCJlbWFpbCI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsImNsaWVudF9pZCI6InRlc3QiLCJ1c2VybmFtZSI6IkNsYXJrIEtlbnQifQ.20Ff08yd81AxpzVhgUuwVMeGVTLPd2qTs5NjjfpjtoE","expires_in":3599,"scope":"read write","organizationId":"f1cd0587-e3f9-41db-acc6-a717b32967d0","organization":"Daily Planet","id":"e0838963-d5c5-4dbc-a43a-c3c7013b7161","email":"journalist@invid-project.eu","username":"Clark Kent","jti":"a99470f0-4ee1-4f03-80a9-8d3c6b04392b"}
Refresh access_token
Since access_token expires, the refresh_token must be used to obtain a new acces_token without providing the user credentials.
To obtain an OAuth2 access_token using the refresh_token, InVID Users have to perform a POST
request to /oauth/token that includes
in x-www-form-urlencoded format the following parameters:
-
grant_type: In this case this will be "refresh_token"
-
client_id: Your App client_id
-
client_secret: Your App client_secret
-
refresh_token: The refresh token obtained in the authentication process
Request Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
|
The requested Content-Type of the response |
Example Request
POST /oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json;charset=UTF-8
Host: localhost:8080
grant_type=refresh_token&client_id=test&client_secret=testpassword&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml6YXRpb25JZCI6ImUzZjYzNTBmLTkyODctNDU0MS1hNGE1LWQ1ZmQ0OGQyMGYwOSIsInVzZXJfbmFtZSI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJvcmdhbml6YXRpb24iOiJEYWlseSBQbGFuZXQiLCJhdGkiOiIyYzg2MTM3NC02NmU5LTRlMGQtOTgyZC0yNmNhODQyN2M2NjkiLCJpZCI6ImZjODcwNTNkLWYwYmYtNDY1NS04Nzk0LWFmZmMyNjFmOTIwOCIsImV4cCI6MTU0NzIwNTMxNiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9JTlZJRCJdLCJqdGkiOiJjZGE0ZDZmYS1lOWYyLTRkODAtOTEyMS1lNGUzNjE0MTZhMmQiLCJlbWFpbCI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsImNsaWVudF9pZCI6InRlc3QiLCJ1c2VybmFtZSI6IkNsYXJrIEtlbnQifQ.0Qh5L7frXSwtcOHz9TT-VCLgI6efaswWPtY-PGH1HPE
$ curl 'http://localhost:8080/oauth/token' -i -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: application/json;charset=UTF-8' -d 'grant_type=refresh_token&client_id=test&client_secret=testpassword&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml6YXRpb25JZCI6ImUzZjYzNTBmLTkyODctNDU0MS1hNGE1LWQ1ZmQ0OGQyMGYwOSIsInVzZXJfbmFtZSI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJvcmdhbml6YXRpb24iOiJEYWlseSBQbGFuZXQiLCJhdGkiOiIyYzg2MTM3NC02NmU5LTRlMGQtOTgyZC0yNmNhODQyN2M2NjkiLCJpZCI6ImZjODcwNTNkLWYwYmYtNDY1NS04Nzk0LWFmZmMyNjFmOTIwOCIsImV4cCI6MTU0NzIwNTMxNiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9JTlZJRCJdLCJqdGkiOiJjZGE0ZDZmYS1lOWYyLTRkODAtOTEyMS1lNGUzNjE0MTZhMmQiLCJlbWFpbCI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsImNsaWVudF9pZCI6InRlc3QiLCJ1c2VybmFtZSI6IkNsYXJrIEtlbnQifQ.0Qh5L7frXSwtcOHz9TT-VCLgI6efaswWPtY-PGH1HPE'
Response Fields
Path | Type | Description |
---|---|---|
|
|
A valid OAuth2 access token for the Rights API |
|
|
A valid OAuth2 refresh token which can be used to obtain a new access_token for the Rights API |
|
|
Type of the provided token |
|
|
Seconds before token expiration |
|
|
Scopes of the access_token |
|
|
Username of the authenticated user |
|
|
ID of the organization of the authenticated user |
|
|
Organization name of the authenticated user |
|
|
ID of the authenticated user |
|
|
Email of the authenticated user |
|
|
JWT ID. It is a unique identifier of the JWT |
Response Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
Example Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 1546
{"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml6YXRpb25JZCI6ImUzZjYzNTBmLTkyODctNDU0MS1hNGE1LWQ1ZmQ0OGQyMGYwOSIsInVzZXJfbmFtZSI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJvcmdhbml6YXRpb24iOiJEYWlseSBQbGFuZXQiLCJpZCI6ImZjODcwNTNkLWYwYmYtNDY1NS04Nzk0LWFmZmMyNjFmOTIwOCIsImV4cCI6MTU0NDYxNjkxNiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9JTlZJRCJdLCJqdGkiOiI1NzY1ODcwMC1mMzk4LTQ1OTEtODk3Yy01MjM3MGM5ZjM3ZWQiLCJlbWFpbCI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsImNsaWVudF9pZCI6InRlc3QiLCJ1c2VybmFtZSI6IkNsYXJrIEtlbnQifQ.9FlixqP825w_JOhikdocD4uHVSXdg375RBj1ByWsp7I","token_type":"bearer","refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml6YXRpb25JZCI6ImUzZjYzNTBmLTkyODctNDU0MS1hNGE1LWQ1ZmQ0OGQyMGYwOSIsInVzZXJfbmFtZSI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJvcmdhbml6YXRpb24iOiJEYWlseSBQbGFuZXQiLCJhdGkiOiI1NzY1ODcwMC1mMzk4LTQ1OTEtODk3Yy01MjM3MGM5ZjM3ZWQiLCJpZCI6ImZjODcwNTNkLWYwYmYtNDY1NS04Nzk0LWFmZmMyNjFmOTIwOCIsImV4cCI6MTU0NzIwNTMxNiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9JTlZJRCJdLCJqdGkiOiJjZGE0ZDZmYS1lOWYyLTRkODAtOTEyMS1lNGUzNjE0MTZhMmQiLCJlbWFpbCI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsImNsaWVudF9pZCI6InRlc3QiLCJ1c2VybmFtZSI6IkNsYXJrIEtlbnQifQ.z8KhdAQcTdzpcS_XELXKXUOugYPJznv_P1t7UNNVO_c","expires_in":3599,"scope":"read write","organizationId":"e3f6350f-9287-4541-a4a5-d5fd48d20f09","organization":"Daily Planet","id":"fc87053d-f0bf-4655-8794-affc261f9208","email":"journalist@invid-project.eu","username":"Clark Kent","jti":"57658700-f398-4591-897c-52370c9f37ed"}
Check Token
Once you have obtained a token, you can validate it through a POST
to /oauth/check_token,
which will also return information about the user authenticated by that token.
Request Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
|
The requested Content-Type of the response |
|
Basic auth with username <client_id> and password <client_secret> |
Example Request
POST /oauth/check_token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json;charset=UTF-8
Authorization: Basic dGVzdDp0ZXN0cGFzc3dvcmQ=
Host: localhost:8080
token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml6YXRpb25JZCI6IjY3YTkxYTZjLTFmNGEtNDhlMi05ODI1LWJiZDBhMmNlZjQ4MSIsInVzZXJfbmFtZSI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJvcmdhbml6YXRpb24iOiJEYWlseSBQbGFuZXQiLCJpZCI6ImUwNzUzZDc0LWMxMWMtNDE5OS05NjA5LWE2OGNjZDA4MTkwNiIsImV4cCI6MTU0NDYxNjkxMSwiYXV0aG9yaXRpZXMiOlsiUk9MRV9JTlZJRCJdLCJqdGkiOiJlMmVjNzZjMi02NGNiLTRhYTItYTg2OC0yMzQ3ODJkNWIwNmIiLCJlbWFpbCI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsImNsaWVudF9pZCI6InRlc3QiLCJ1c2VybmFtZSI6IkNsYXJrIEtlbnQifQ.H6tRFDu4k4Wv_moqUzyky_NMZMz_X28-69yzPw6DLSE
$ curl 'http://localhost:8080/oauth/check_token' -i -u 'test:testpassword' -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: application/json;charset=UTF-8' -d 'token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml6YXRpb25JZCI6IjY3YTkxYTZjLTFmNGEtNDhlMi05ODI1LWJiZDBhMmNlZjQ4MSIsInVzZXJfbmFtZSI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdLCJvcmdhbml6YXRpb24iOiJEYWlseSBQbGFuZXQiLCJpZCI6ImUwNzUzZDc0LWMxMWMtNDE5OS05NjA5LWE2OGNjZDA4MTkwNiIsImV4cCI6MTU0NDYxNjkxMSwiYXV0aG9yaXRpZXMiOlsiUk9MRV9JTlZJRCJdLCJqdGkiOiJlMmVjNzZjMi02NGNiLTRhYTItYTg2OC0yMzQ3ODJkNWIwNmIiLCJlbWFpbCI6ImpvdXJuYWxpc3RAaW52aWQtcHJvamVjdC5ldSIsImNsaWVudF9pZCI6InRlc3QiLCJ1c2VybmFtZSI6IkNsYXJrIEtlbnQifQ.H6tRFDu4k4Wv_moqUzyky_NMZMz_X28-69yzPw6DLSE'
Response Fields
Path | Type | Description |
---|---|---|
|
|
The id of the logged user |
|
|
The email of the logged user |
|
|
Username of the authenticated user |
|
|
The email of the logged user |
|
|
The email of the logged user |
|
|
The id of the organization to which the user is associated |
|
|
The name of the organization to which the user is associated |
|
|
The name of the organization to which the user is associated |
|
|
The name of the organization to which the user is associated |
|
|
JWT ID. It is a unique identifier of the JWT |
|
|
The name of the organization to which the user is associated |
Response Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
Example Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 370
{"organizationId":"67a91a6c-1f4a-48e2-9825-bbd0a2cef481","user_name":"journalist@invid-project.eu","scope":["read","write"],"organization":"Daily Planet","id":"e0753d74-c11c-4199-9609-a68ccd081906","exp":1544616911,"authorities":["ROLE_INVID"],"jti":"e2ec76c2-64cb-4aa2-a868-234782d5b06b","email":"journalist@invid-project.eu","client_id":"test","username":"Clark Kent"}
Twitter Sign in
The browser implementation of Sign in with Twitter is based off of OAuth.
So it requires a quite different process to obtain an access_token
compared with
the other authentication services which use OAuth2.
The whole process to authenticate a Twitter user through OAuth is explained in Twitter documentation’s Implementing Sign in with Twitter. Note that steps 1 and 3 of the guide must be done from the server side. For this reason we have had to implement this module.
Step 1: Obtaining a request token
To start a sign in flow, your application must obtain a request token which is necessary for completing step 2.
Request Fields
Path | Type | Description |
---|---|---|
|
|
The URL the user will be redirected to after step 2. |
Request Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
|
The requested Content-Type of the response |
Example Request
POST /twitter/request_token HTTP/1.1
Content-Type: application/json
Accept: application/hal+json
Host: localhost:8080
Content-Length: 42
{"oauth_callback":"http://localhost:4600"}
$ curl 'http://localhost:8080/twitter/request_token' -i -X POST -H 'Content-Type: application/json' -H 'Accept: application/hal+json' -d '{"oauth_callback":"http://localhost:4600"}'
Response Fields
Path | Type | Description |
---|---|---|
|
|
The request token |
Response Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
Example Response
HTTP/1.1 200 OK
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 37
{"oauth_token":"valid_request_token"}
Step 3: Converting the request token to an access token
To render the request token into a usable access token, again it is necessary to make a server side call
passing the request token from step 1 and the oauth_verifier
obtain on step 2.
Request Fields
Path | Type | Description |
---|---|---|
|
|
The request_token obtained from Step 1. |
|
|
The oauth_verifier obtained from Step 2. |
Request Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
|
The requested Content-Type of the response |
Example Request
POST /twitter/oauth_token HTTP/1.1
Content-Type: application/json
Accept: application/hal+json
Host: localhost:8080
Content-Length: 71
{"oauth_verifier":"valid_verifier","oauth_token":"valid_request_token"}
$ curl 'http://localhost:8080/twitter/oauth_token' -i -X POST -H 'Content-Type: application/json' -H 'Accept: application/hal+json' -d '{"oauth_verifier":"valid_verifier","oauth_token":"valid_request_token"}'
Response Fields
Path | Type | Description |
---|---|---|
|
|
The access token |
Response Headers
Name | Description |
---|---|
|
The Content-Type of the payload |
Example Response
HTTP/1.1 200 OK
Content-Type: application/hal+json;charset=UTF-8
Content-Length: 36
{"oauth_token":"valid_access_token"}