The OAuth provider in SmartCloud for Social Business defines two endpoints for applications that want to use the OAuth 2.0 web server flow. The OAuth client uses these endpoints to obtain authorization and tokens during the OAuth flow. To correctly access the endpoints, you must provide the credentials and tokens that are described in the steps below.
The following image shows a graphical view of the OAuth 2.0 web server flow within SmartCloud for Social Business:
The web server flow takes place in the following order:
1. Step 1: Register the application
Each application that makes an API call must be registered with IBM SmartCloud for Social Business. SmartCloud for Social Business registers this new application (called Internal App) and hands out the OAuth credentials. The registration is a one-time process.
2. Step 2: Obtain authorization code
The authorization check is a browser-based operation in which resource owners log in and grant the application access to their IBM SmartCloud for Social Business data.
3. Step 3: Exchange authorization code for access and refresh tokens
After resource owners are authenticated and granted access, they can exchange the authorization code for an access and a refresh token. Each token is associated with a single user (also called a subscriber) and a single application that wants to access protected resources in IBM SmartCloud for Social Business.
4. Step 4: Use the access token to allow API access
Now that the access token is available, you can make the API call. Be sure to include the access token in the authorization header when you invoke the API.
5. Step 5: Get a new access token after the access token has expired
After the original access token expires, resource owners can use their refresh tokens to get a new access token. Using the new access token, they can access the protected resources on IBM SmartCloud for Social Business from the application.
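The client side of Steps 2 through 5, as an added example that is not code from the original page or from IBM. It assumes the standard RFC 6749 parameter and response field names and the RFC 6750 `Bearer` header, which this page does not spell out and which the provider may name differently; the URLs, credentials and function names are placeholders.

```python
import hmac, secrets, time
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumptions): the page does not give endpoint URLs or credentials.
AUTHORIZE_URL = "https://provider.example/oauth2/authorize"
REDIRECT_URI = "https://app.example/callback"
CLIENT_ID, CLIENT_SECRET = "constructed-client-id", "constructed-client-secret"

def authorization_request():
    """Step 2: browser URL plus the state value to keep in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, binds the callback to this session
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Step 2, return leg: accept the code only when state matches the session."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, callback rejected")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def token_request_body(grant_type, value):
    """Steps 3 and 5: form body to POST to the token endpoint over TLS."""
    field = {"authorization_code": "code", "refresh_token": "refresh_token"}[grant_type]
    body = {"grant_type": grant_type, field: value,
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}
    if grant_type == "authorization_code":
        body["redirect_uri"] = REDIRECT_URI  # must match the value sent in Step 2
    return urlencode(body)

class TokenSet:
    """Tokens for one user and one application, from a parsed token response."""
    def __init__(self, response, now=None):
        issued = time.time() if now is None else now
        self.access_token = response["access_token"]
        self.refresh_token = response.get("refresh_token")
        self.expires_at = issued + int(response["expires_in"])
    def needs_refresh(self, now=None, skew=30):
        """Step 5: true once the access token is within `skew` seconds of expiry."""
        return (time.time() if now is None else now) >= self.expires_at - skew
    def auth_header(self):
        """Step 4: header to attach to each API call."""
        return {"Authorization": "Bearer " + self.access_token}
```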