Comments (3)
Hi @Winniepoom
Sorry for the late response. The guide that you are following works for OrangeHRM 4.x and does not apply to 5.x versions.
We are in the process of updating our documentation for version 5.x. We are now using the Authorization Code Flow with PKCE extension.
In this flow, the main resource that you will need to make API calls is an access_token which can be obtained by following the steps below:
- Register a client with the OrangeHRM Open Source Application via Admin > Configuration > Register OAuth Client
- You can click the add button and provide the details of your third party application.
- You will need to provide the name and redirect URL of your application.
- After clicking save you will receive a Client ID which you will need for the next step
- Generate a code verifier and code challenge
- In order to continue through the flow, you will need to generate a code verifier. The requirements are: a cryptographically random string using the characters A-Z, a-z, 0-9, and the punctuation characters -, ., _, ~ (hyphen, period, underscore, and tilde), between 43 and 128 characters long.
- Once you have generated that, the code challenge is the Base64-URL encoded string of the SHA256 hash of the code verifier. I.e. base64urlencode(sha256(code_verifier))
- Make an authorization request by visiting oauth2/authorize with the correct query parameters
- The full URL with all the correct parameters is:
/oauth2/authorize?response_type=code&state=your_state&code_challenge_method=S256&code_challenge=your_challenge&client_id=your_client_id&redirect_uri=your_redirect_uri
- The six query parameters needed are response_type, state, code_challenge_method, code_challenge, client_id and redirect_uri. The values needed are listed below:
- response_type=code (default)
- code_challenge_method=S256 (recommended)
- client_id=ID obtained in step 1
- code_challenge=Code challenge generated in step 2 (not the code verifier!)
- redirect_uri=Redirect URI provided in step 1
- state=Randomly generated string which can be used for verification.
- You should see the following screen:
- Click Allow Access and you will be redirected to your application (client) with an authorization code and the state (which should be the same value provided)
- Example code:
- Use that authorization code to obtain an access_token by making a request to /oauth2/token
- Make a POST request to /oauth2/token with an x-www-form-urlencoded body
- The body should contain client_id, grant_type, code, redirect_uri, and code_verifier. The values needed are given below:
- grant_type: authorization_code
- code: Authorization code obtained in step 3
- client_id: ID obtained in step 1
- redirect_uri: Redirect URI provided in step 1
- code_verifier: Code verifier generated in step 2 (not the code challenge!)
- Below is an example of such a request using Postman
- Upon making a successful request you should receive an access_token which you can use to make external API calls. You will also obtain a refresh_token which is further described below.
- Done! You can now make external API calls by providing the access token as a Bearer Token in your authorization headers
Refreshing the access token:
- The access_token will expire after 30 minutes
- You can make a request to /oauth2/token in order to refresh it
- The body should contain client_id, grant_type, and refresh_token. The values needed are given below:
- grant_type: refresh_token
- client_id: ID obtained in step 1
- refresh_token: Token obtained in step 4
- Below is an example using Postman
- Upon making a successful request, you will receive a similar response as step 5.
- Now you can continue making API requests using the new access_token
That is the full OAuth2 with PKCE flow that we have implemented in version 5.x. I hope the steps were clear. I have also included some additional material you can follow in order to understand the flow better:
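The flow described in the comment above, written out as a runnable Python client. This is an added example and not OrangeHRM's own code: the paths /oauth2/authorize and /oauth2/token, the parameter names, the S256 challenge construction and the 30-minute access-token lifetime are taken from the comment; the base URL, client id, redirect URI, the server-side `pkce_matches` check and the injected `post` transport are assumptions made so that the whole exchange can be exercised offline. The RFC 7636 Appendix B vector (verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk`) is used to check the challenge computation.

```python
"""PKCE (RFC 7636) authorization-code client for OrangeHRM 5.x /oauth2 endpoints.

Added example, not OrangeHRM project code. The endpoint paths, parameter names
and the 30-minute access_token expiry come from the comment above; BASE_URL,
CLIENT_ID, REDIRECT_URI, pkce_matches() and the injected `post` transport are
assumptions so that everything runs offline.
"""
import base64
import hashlib
import hmac
import secrets
import string
from typing import Callable, Dict
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://hrm.example.com"          # assumption: your OrangeHRM install
CLIENT_ID = "client-id-from-step-1"           # assumption: value shown after Save
REDIRECT_URI = "https://app.example.com/cb"   # assumption: URL registered in step 1

# RFC 7636 "unreserved" characters: A-Z a-z 0-9 - . _ ~
VERIFIER_ALPHABET = string.ascii_letters + string.digits + "-._~"


def make_code_verifier(length: int = 64) -> str:
    """Step 2: cryptographically random verifier, 43..128 chars from the allowed set."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier must be between 43 and 128 characters")
    return "".join(secrets.choice(VERIFIER_ALPHABET) for _ in range(length))


def make_code_challenge(verifier: str) -> str:
    """S256 challenge: base64url(sha256(verifier)) with the '=' padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def pkce_matches(challenge: str, verifier: str) -> bool:
    """What the server does at /oauth2/token: recompute and compare in constant time."""
    return hmac.compare_digest(make_code_challenge(verifier), challenge)


def build_authorize_url(challenge: str, state: str) -> str:
    """Step 3: the six query parameters, carrying the challenge (never the verifier)."""
    params = {
        "response_type": "code",
        "state": state,
        "code_challenge_method": "S256",
        "code_challenge": challenge,
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
    }
    return f"{BASE_URL}/oauth2/authorize?{urlencode(params)}"


def parse_callback(redirect_url: str, expected_state: str) -> str:
    """Read the code off the redirect; a wrong state means CSRF or a mixed-up session."""
    query = parse_qs(urlparse(redirect_url).query)
    if not hmac.compare_digest(query.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: refusing to use this authorization code")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def token_request_body(code: str, verifier: str) -> Dict[str, str]:
    """Step 4 body (x-www-form-urlencoded): the verifier, never the challenge."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
    }


def refresh_request_body(refresh_token: str) -> Dict[str, str]:
    """Body for refreshing an access_token once it expires (30 minutes per the comment)."""
    return {
        "grant_type": "refresh_token",
        "client_id": CLIENT_ID,
        "refresh_token": refresh_token,
    }


Transport = Callable[[str, Dict[str, str]], Dict[str, str]]


def post_token(post: Transport, body: Dict[str, str]) -> Dict[str, str]:
    """POST a form body to /oauth2/token. In production pass e.g.
    lambda url, data: requests.post(url, data=data, timeout=10).json()."""
    reply = post(f"{BASE_URL}/oauth2/token", body)
    if "access_token" not in reply:
        raise RuntimeError(f"token endpoint refused the request: {reply}")
    return reply


def bearer_header(access_token: str) -> Dict[str, str]:
    """Step 5: the header sent on every API call."""
    return {"Authorization": f"Bearer {access_token}"}
```

The two places where integrations usually go wrong are both covered: the challenge goes in the authorize URL and the verifier goes in the token body (never the other way round), and the state echoed back on the redirect is compared against the value you generated before the code is used. Keep the verifier and state server-side in the user's session between steps 3 and 4; the comparison is done with `hmac.compare_digest` so a mismatch cannot be probed character by character.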