OAuth2.0
A step-by-step approach for implementing OAuth2.0-style authentication in GTWY using the route structure below.
🗂️ Overview of Routes
Route | Method | Purpose
---|---|---
/auth_token | GET | Generate or retrieve auth token
/ | POST | Save client credentials
/verify | POST | Verify token & issue access
/refresh | POST | Refresh access token
🔐 Step-by-Step OAuth2.0-style Flow
1. Client fetches auth_token
Route
GET /auth_token
Controller Logic: CreateAuthToken
Generates a random auth_token (14-character identifier). If an auth_token doesn't already exist in the organization's metadata, it saves the new one to the DB. Returns:
{ "auth_token": "(14-character identifier)" }
2. Client saves client_id & redirection_url
Route
POST /
Payload
{
"client_id": "CLIENT_ID",
"redirection_url": "https://client-app.com/oauth/callback"
}
Returns
{
"success": true,
"message": "Auth token saved successfully"
}
3. Client verifies token and receives access credentials
Route
POST /verify
Payload
{
"client_id": "CLIENT_ID",
"redirection_url": "https://client-app.com/oauth/callback"
}
Returns
{
"success": true,
"message": "Auth token verified successfully",
"access_token": "ACCESS_TOKEN",
"refresh_token": "REFRESH_TOKEN"
}
4. Client refreshes access token using refresh token
Route
POST /refresh
Payload
{
"refresh_token": "REFRESH_TOKEN"
}
Logic:
If valid: re-issues a new access_token.
If invalid: returns a 401 with an error message.
Returns
{
"success": true,
"message": "Access token refreshed successfully",
"access_token": "NEW_ACCESS_TOKEN"
}
📌 Notes
access_token is typically short-lived and used for authenticated API requests.
refresh_token is longer-lived and used to regenerate access_token.
You may optionally store token expiry and revocation logic for security.
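The four steps above and the expiry/revocation note can be seen end to end in the following added example. It is an in-memory model written for this page, not GTWY's own controller code: the class and method names, the dict-based storage in place of the DB, the token lifetimes (15 minutes for access_token, 30 days for refresh_token), the https check on redirection_url and the assumption that the auth_token is sent alongside the /verify payload are all choices made here, not documented behaviour of the product.

```python
# Added example: an in-memory model of GET /auth_token, POST /, POST /verify and
# POST /refresh plus the expiry/revocation logic from the notes. Not GTWY's code:
# names, storage layout, lifetimes and how auth_token reaches /verify are assumptions.
import secrets
import time

ACCESS_TTL = 15 * 60              # assumed access-token lifetime: 15 minutes
REFRESH_TTL = 30 * 24 * 60 * 60   # assumed refresh-token lifetime: 30 days


class AuthError(Exception):
    """Carries the HTTP status the endpoint would answer with (401 for bad tokens)."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status
        self.message = message


class TokenService:
    """Dict stores stand in for the DB; the clock is injectable so expiry can be tested."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.org_metadata = {}     # org_id -> {"auth_token", "client_id", "redirection_url"}
        self.access_tokens = {}    # access_token -> {"org_id", "parent", "expires_at"}
        self.refresh_tokens = {}   # refresh_token -> {"org_id", "expires_at", "revoked"}

    # Step 1: GET /auth_token
    def create_auth_token(self, org_id):
        meta = self.org_metadata.setdefault(org_id, {})
        if "auth_token" not in meta:                   # mint once, then return the stored value
            meta["auth_token"] = secrets.token_hex(7)  # 14 hex characters from the OS CSPRNG
        return {"auth_token": meta["auth_token"]}

    # Step 2: POST /
    def save_credentials(self, org_id, client_id, redirection_url):
        meta = self.org_metadata.get(org_id)
        if not meta or "auth_token" not in meta:
            raise AuthError(404, "No auth token for this organization")
        if not redirection_url.startswith("https://"):
            raise AuthError(400, "redirection_url must be an https URL")
        meta["client_id"] = client_id
        meta["redirection_url"] = redirection_url
        return {"success": True, "message": "Auth token saved successfully"}

    # Step 3: POST /verify (auth_token assumed to be sent alongside the payload)
    def verify(self, auth_token, client_id, redirection_url):
        org_id = self._org_for_auth_token(auth_token)
        meta = self.org_metadata.get(org_id, {})
        # Exact match on the registered redirect URL, never a prefix match.
        if org_id is None or meta.get("client_id") != client_id \
                or meta.get("redirection_url") != redirection_url:
            raise AuthError(401, "Auth token or client credentials invalid")
        now = self.clock()
        refresh = secrets.token_urlsafe(32)
        self.refresh_tokens[refresh] = {"org_id": org_id, "expires_at": now + REFRESH_TTL,
                                        "revoked": False}
        access = self._issue_access(org_id, refresh)
        return {"success": True, "message": "Auth token verified successfully",
                "access_token": access, "refresh_token": refresh}

    # Step 4: POST /refresh
    def refresh(self, refresh_token):
        rec = self.refresh_tokens.get(refresh_token)
        if rec is None or rec["revoked"] or rec["expires_at"] <= self.clock():
            raise AuthError(401, "Refresh token invalid, expired or revoked")
        access = self._issue_access(rec["org_id"], refresh_token)
        return {"success": True, "message": "Access token refreshed successfully",
                "access_token": access}

    # Authenticated API request: map a presented access_token back to its organization.
    def authenticate(self, access_token):
        rec = self.access_tokens.get(access_token)
        if rec is None or rec["expires_at"] <= self.clock():
            raise AuthError(401, "Access token invalid or expired")
        return rec["org_id"]

    # Revocation (the optional "revoke logic" from the notes): kill a refresh token
    # and every access token minted from it, so the revocation takes effect at once.
    def revoke(self, refresh_token):
        rec = self.refresh_tokens.get(refresh_token)
        if rec is None:
            return False
        rec["revoked"] = True
        self.access_tokens = {t: r for t, r in self.access_tokens.items()
                              if r["parent"] != refresh_token}
        return True

    def _issue_access(self, org_id, parent_refresh):
        access = secrets.token_urlsafe(32)
        self.access_tokens[access] = {"org_id": org_id, "parent": parent_refresh,
                                      "expires_at": self.clock() + ACCESS_TTL}
        return access

    def _org_for_auth_token(self, auth_token):
        # compare_digest keeps comparison time independent of how many bytes match
        for org_id, meta in self.org_metadata.items():
            stored = meta.get("auth_token", "")
            if stored and secrets.compare_digest(stored.encode(), auth_token.encode()):
                return org_id
        return None
```

Tying each access token to the refresh token it came from is what makes revocation immediate rather than "whenever the short lifetime runs out"; without that link a service can only mark the refresh token dead and wait for outstanding access tokens to expire.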
✅ Summary
Step | Action | Endpoint
---|---|---
1 | Client requests auth_token | GET /auth_token
2 | Client saves credentials | POST /
3 | Client verifies and gets tokens | POST /verify
4 | Client refreshes access token | POST /refresh