Authorization of Public PBX Applications with User Confirmation
1. The PBX application redirects the user to the authorization URL https://<hostname>/oauth/authorize, passing the authorization data as parameters of the GET request in the application/x-www-form-urlencoded format.
Parameter | Description |
---|---|
response_type | The response type, should always have the value code |
redirect_uri | The URI that the system will use to send the response. Must match the one specified when creating the PBX application |
client_id | App ID generated when creating the PBX app |
scope | Scope of permissions for the PBX application, must be set to all |
Example
https://<hostname>/oauth/authorize?response_type=code&client_id=2bb0c19ea4df4b908cf2db51a1aea86b&redirect_uri=https://testsite.com&scope=all
2. The user allows or denies the PBX application access to the system on their own behalf. If the user is not logged in to the system, they first log in with a username and password.
If the user allows access, the access request will not appear on subsequent authorization attempts until the user explicitly removes the permission.
3. If the user allows access, the system redirects the user to the Redirect URL of the PBX application specified during registration, passing a temporary code as a request parameter to obtain the access token:
GET https://<apphostname>/authorized?code=SpHCEr6qiCj1kZRTvEb36qZAqWqIHz
4. To get an access token, send a POST request to the system server at the URL https://<hostname>/oauth/token, using the received code:
POST https://<hostname>/oauth/token
The parameters are passed in the request body in the application/x-www-form-urlencoded format.
Request parameters
Parameter | Description |
---|---|
grant_type | Must always have the value authorization_code |
code | The temporary access token code received by the PBX application in the previous step |
redirect_uri | Redirect URI. Must match the one specified when creating the PBX application |
client_id | App ID generated when creating the PBX app |
client_secret | App Secret generated when creating the PBX app |
Response parameters
Parameter | Description |
---|---|
access_token | Access token. Used by the PBX application for API requests |
expires_in | The time period, in seconds, during which the token is valid. If an authorization error occurs while using the token, it is recommended to request the token again, even if the time specified in the expires_in field has not yet elapsed |
token_type | The type of the token. Always has the value Bearer |
refresh_token | Refresh token, which can be used to regenerate the access token when it has become invalid |
scope | The scope of permissions for the PBX application, is set to all |
Example
curl -L -X POST 'https://<hostname>/oauth/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=aIlsm1bCglDGvQKShm0AhHrBhDyshn' \
--data-urlencode 'client_id=a80f1e618ddd4d5584e2bd48fd404194' \
--data-urlencode 'client_secret=a2423941f5be408c918d5f7207570990' \
--data-urlencode 'redirect_uri=https://testsite.com'
System response:
{
"access_token": "itFyAvKhTrZDCwH2Q2oZYmo94IvOIL",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "L40pLFI9hgoPlpDlFHNAvPUt0KWK0C",
"scope": "all"
}
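The four steps above as client-side code, added here as an illustration and not taken from the system's own documentation or SDK: it builds the authorization URL with percent-encoded parameters, extracts the code from the callback, prepares the token POST, and checks the response. The function names and the pbx.example hostname are assumptions, and no network request is made.

```python
import json
import time
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

def build_authorize_url(hostname, client_id, redirect_uri):
    """Step 1: authorization URL with every parameter percent-encoded."""
    query = urlencode({
        "response_type": "code",   # fixed value per the parameter table
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "all",            # fixed value per the parameter table
    })
    return f"https://{hostname}/oauth/authorize?{query}"

def extract_code(callback_url):
    """Step 3: read the temporary code from the redirect; reject odd callbacks."""
    codes = parse_qs(urlsplit(callback_url).query).get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("callback must carry exactly one non-empty code")
    return codes[0]

def build_token_request(hostname, code, client_id, client_secret, redirect_uri):
    """Step 4: POST to /oauth/token; the secret travels only in the body."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return Request(
        f"https://{hostname}/oauth/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )

def parse_token_response(raw, now=None):
    """Validate the JSON reply and turn expires_in into an absolute deadline."""
    token = json.loads(raw)
    if token.get("token_type") != "Bearer" or not token.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    token["expires_at"] = now + int(token["expires_in"])
    return token

if __name__ == "__main__":
    # Constructed values; pbx.example and APP_ID are placeholders.
    print(build_authorize_url("pbx.example", "APP_ID", "https://testsite.com"))
```

Send the prepared request with urllib.request.urlopen from the application's backend, so that client_secret never reaches the user's browser.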