I am using the following to build an OAuth2 authorization server
To get the authorization code via an endpoint call without a redirect
So I've configured the spring authorization server as per this guide. The problem is that in order to get the authorization code, I need to use a browser, go to some URL and enter my login and password there and then I get the code as part of the redirect URL.
http://127.0.0.1:8080/authorized?code=3itgI0EhMS_gSFAEJqugIWDOMe1GPCgsWe47TTk40MxMYqq4qE3GLRSL2SqWeSUuhxPrZZgYnNXkCrbt96ycq6ln3K4K34u06VuuL2xia8N3w4xM3k0MCNeYqpBUOXAa
I want to skip the part with the UI and somehow just get this code using something like Postman or a Java HTTP client class.
How can I do it ?
You have to use browser if you want to use Authorization Code Grant
It should be redirect URI for getting Authorization code.
+----------+
| Resource |
| Owner |
| |
+----------+
^
|
(B)
+----|-----+ Client Identifier +---------------+
| -+----(A)-- & Redirection URI ---->| |
| User- | | Authorization |
| Agent -+----(B)-- User authenticates --->| Server |
| | | |
| -+----(C)-- Authorization Code ---<| |
+-|----|---+ +---------------+
| | ^ v
(A) (C) | |
| | | |
^ v | |
+---------+ | |
| |>---(D)-- Authorization Code ---------' |
| Client | & Redirection URI |
| | |
| |<---(E)----- Access Token -------------------'
+---------+ (w/ Optional Refresh Token)
If you don't want to use Browser, the Client Credentials Flow is possible. But it is application token not user token.
+---------+ +---------------+
| | | |
| |>--(A)- Client Authentication --->| Authorization |
| Client | | Server |
| |<--(B)---- Access Token ---------<| |
| | | |
+---------+ +---------------+
This is example the client-credential from spotify by Java and Postman