Learn

Great job! We’ve implemented the Client Credentials OAuth 2.0 flow in our application! The handling of access tokens is done with HTTP requests. We can make an HTTP POST request to the /auth route to obtain an access token.

POST http://localhost:4001/auth
Content-Type: application/x-www-form-urlencoded
Authorization: Basic Y29kZWNhZGVteTpjb2RlY0BkZW15

grant_type=client_credentials

In the HTTP header, we set Authorization to Basic and the base64 encoded Client ID and Client Secret. In the POST request data, we provide grant_type=client_credentials. The server will respond with an access token that looks like this:

{
  "accessToken":" "<access token>",
  "accessTokenExpiresAt":"2021-06-17T01:02:37.272Z",
  "client": {
    "id": "codecademy"},
    "user":{}
  }
}

To use the access token while requesting authenticated content, we pass the bearer token in the Authentication request header, replacing <Access Token> with the token returned from the request to /auth like so:

GET http://localhost:4001/secret
Authorization: Bearer <Access Token>

Instructions

Start the server by running node app.js in the terminal.

Open up a new terminal tab.

Then, send the following HTTP request to http://localhost:4001/auth to obtain an access token using cURL:

curl --request POST \
--url http://localhost:4001/auth \
--header 'authorization: Basic Y29kZWNhZGVteTpjb2RlY0BkZW15' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials

Send the following cURL command to http://localhost:4001/secret and replacing <ACCESS_TOKEN> with the token returned in the previous cURL.

curl --request GET \
--url http://localhost:4001/secret \
--header 'authorization: Bearer <ACCESS_TOKEN>'

Try requesting the /secret route without the access token by running:

curl localhost:4001/secret

Take this course for free

By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.

Or sign up using:

Already have an account?