How to use OAuth 2 with Drupal 8?
In this tutorial I'm going to explain how to use the username and password of a user who is already registered.
The user will connect from a third-party app (a website, an iOS app, an Android app, or any other app).
In this short tutorial I'm going to show you how to create a Bearer token and a refresh token.
Step 1
Let's start by enabling the REST API. I also recommend installing the REST UI module.
Step 2
Install the Simple OAuth module and enable it. To enable Simple OAuth you also need to install the Consumers module.
Step 3
After enabling all of the required modules, we need to create a role that gives the users who hold it permission to create the token, along with permission to use other functions such as:
- Create a new post
- View pages
- Delete comments
- etc.
Once the role is created, we need to create a UUID. To do this, go to:
- Admin
- Configuration
- Web Services
- Consumers
Before we create the consumer client UUID, we need to go to the settings and create a public and private key.
After that, click the Add consumer button and fill in the form. At the end of the form, use the role as a scope.
Step 4
I will use Postman to create a token for one of my users.
- URL: https://{{domain}}/oauth/token?_format=json
- Method: POST
- Header
  - key: content-type
  - value: application/json
- Body
  - username
  - password
  - client_id
  - secret_id
  - grant_type
    - password
The response will be like this.
Now you can use this token to create, delete, or do whatever else you gave permission for in the role that holds the scope.
Thanks and I hope that it will help someone out there :).
jQuery Ajax code:
// Form fields for the password grant; FormData is sent as multipart/form-data.
var form = new FormData();
form.append("username", "test");
form.append("password", "123456");
form.append("client_id", "becfd6e0-fa1d-4cc2-9c18-bcd68bbe11a5");
form.append("client_secret", "abc123");
form.append("grant_type", "password");

var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://domain.test/oauth/token?_format=json",
  "method": "POST",
  "headers": {
    "cache-control": "no-cache"
  },
  // Leave the body and Content-Type untouched so the browser sends the
  // FormData with its own multipart boundary.
  "processData": false,
  "contentType": false,
  "mimeType": "multipart/form-data",
  "data": form
};

// The response carries the Bearer token and the refresh token.
$.ajax(settings).done(function (response) {
  console.log(response);
});
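The tutorial stops at obtaining the token, so here is an added example (not the author's code) of the rest of the cycle: validating the token response, sending the Bearer token, and exchanging the refresh token for a new one. The function names are hypothetical, the `refresh_token` grant and the response fields (`access_token`, `token_type`, `expires_in`, `refresh_token`) are assumed to follow standard OAuth 2, and the sample values are constructed.

```javascript
// Added example; helper names are hypothetical, sample values are constructed.
const TOKEN_URL = "https://domain.test/oauth/token?_format=json"; // URL from this page

// Build the form body for either grant. `client` = { id, secret }.
function tokenRequestBody(client, grant) {
  const body = new URLSearchParams({ client_id: client.id, client_secret: client.secret });
  if (grant.refreshToken) {
    body.set("grant_type", "refresh_token");
    body.set("refresh_token", grant.refreshToken);
  } else {
    body.set("grant_type", "password");
    body.set("username", grant.username);
    body.set("password", grant.password);
  }
  return body;
}

// Validate a token response and turn expires_in into an absolute deadline.
function parseTokenResponse(json, nowMs) {
  if (!json || typeof json.access_token !== "string" || json.access_token === "") {
    throw new Error("token response has no access_token");
  }
  if (String(json.token_type).toLowerCase() !== "bearer") {
    throw new Error("unexpected token_type: " + json.token_type);
  }
  if (!Number.isFinite(json.expires_in) || json.expires_in <= 0) {
    throw new Error("bad expires_in");
  }
  return {
    accessToken: json.access_token,
    refreshToken: json.refresh_token || null,
    expiresAt: nowMs + json.expires_in * 1000,
  };
}

// True when the access token is expired or within `skewMs` of expiring.
function needsRefresh(tokens, nowMs, skewMs = 30000) {
  return nowMs >= tokens.expiresAt - skewMs;
}

// Header to attach to REST calls made on behalf of the user.
function bearerHeader(tokens) {
  return { Authorization: "Bearer " + tokens.accessToken };
}

// Network step; `fetchImpl` is injectable so the helpers above run offline.
async function requestToken(client, grant, fetchImpl = fetch) {
  const res = await fetchImpl(TOKEN_URL, { method: "POST", body: tokenRequestBody(client, grant) });
  if (!res.ok) throw new Error("token endpoint returned HTTP " + res.status);
  return parseTokenResponse(await res.json(), Date.now());
}
```

A `client_secret` shipped in browser or mobile code can be read by anyone who has the app, so keep the access-token lifetime short and the consumer's scope limited to the role it needs.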