Authentication

Authentication tokens are given out via the Authorization Server. This service can be found at http://{yourserver}/AuthorizationServer/Token. Once a token is retrieved you include this in the standard HTTP 'Authorization"" header. For example:

Authorization: Bearer FMe2yIIoV9gd...

OAuth 2 Server Flows

Resource owner credentials / password

POST /AuthorizationServer/Token HTTP/1.1
Host: localhost
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=jsmith&password=pass123

Client credentials

POST /AuthorizationServer/Token HTTP/1.1
Host: localhost
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=MyAppName&client_secret=AnvDe2yIQufd9Ad...

Note: to add a new trusted server for client credentials authentication you need to add your trusted server to the clients.config file of the /authorizationserver/configuration

Client credentials with impersonation

POST /AuthorizationServer/Token HTTP/1.1
Host: localhost
Impersonate: sfowler
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=MyAppName&client_secret=AnvDe2yIQufd9Ad...

Utilize the same client credentials parameters for a trusted service. In addition add the impersonate header