OAuth flow
Below is a description of each step in the OAuth authorization code flow (and refresh token flow).
This endpoint is triggered when the user opens this page in their browser with the following query parameters in the URL. The user is presented with the option to grant your app access to their Med2Lab account. If they approve, your app receives an authorization code in return. In the next request, you exchange that code for an actual access token via a server-side call.
Initialize OAuth flow.
POST http://dev-api.med2lab.com/o/token/
Redirect the user to this URL with the following query parameters to start the OAuth flow. Once the user approves access (or if they have already approved), the user will be redirected to the appropriate redirect URI (specified in the app's configuration) with an authorization code that can be exchanged for an access token.
Request Body
grant_type* (string): Authorization code
username* (string): user name
password* (string): password
client_id* (string): App ID
client_secret*: App Secret

{
  "access_token": "k5XBpu3GGIAgSpm4Z4Al8nDsWLkvF0",
  "expires_in": 36000,
  "token_type": "Bearer",
  "scope": "read write",
  "refresh_token": "88eoh1kVZFQcVEX0Zz29Urd4IQ6G2r"
}

{
  "error": "invalid_grant",
  "error_description": "Invalid credentials given."
}

Example
Let's set up the HTTP POST request.
In the Body tab, enter your credentials as below.
grant_type: password
client_id: <client_id>
client_secret: <client_secret>
username: <username>
password: <password>
curl --location 'http://dev-api.med2lab.com/o/token/' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=<user_name>' \
--data-urlencode 'password=<password>' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'client_secret=<client_secret>'

import http.client

# Connect to the token endpoint over TLS.
conn = http.client.HTTPSConnection("dev-api.med2lab.com")
# Form-encoded body for the password grant; replace the <...> placeholders.
payload = 'grant_type=password&username=<user_name>&password=<password>&client_id=<client_id>&client_secret=<client_secret>'
headers = {
    'Content-Type': 'application/x-www-form-urlencoded'
}
conn.request("POST", "/o/token/", payload, headers)
res = conn.getresponse()
data = res.read()
# Prints the JSON token response (or the error object).
print(data.decode("utf-8"))

package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

func main() {
	url := "http://dev-api.med2lab.com/o/token/"
	method := "POST"
	// Form-encoded body for the password grant; replace the <...> placeholders.
	payload := strings.NewReader("grant_type=password&username=<user_name>&password=<password>&client_id=<client_id>&client_secret=<client_secret>")
	client := &http.Client{}
	req, err := http.NewRequest(method, url, payload)
	if err != nil {
		fmt.Println(err)
		return
	}
	// The token request authenticates with the form fields, so no Authorization header is sent.
	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()
	// io.ReadAll replaces the deprecated ioutil.ReadAll.
	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(string(body))
}

using System;
using System.Collections.Generic;
using System.Net.Http;

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "http://dev-api.med2lab.com/o/token/");
// Form fields for the password grant; replace the <...> placeholders.
var collection = new List<KeyValuePair<string, string>>();
collection.Add(new("grant_type", "password"));
collection.Add(new("username", "<user_name>"));
collection.Add(new("password", "<password>"));
collection.Add(new("client_id", "<client_id>"));
collection.Add(new("client_secret", "<client_secret>"));
var content = new FormUrlEncodedContent(collection);
request.Content = content;
var response = await client.SendAsync(request);
// Throws on a non-2xx status, including the invalid_grant error response.
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());
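
An added example (not Med2Lab's own code) of a small Python layer around the request and the two response bodies shown above: it URL-encodes the form fields so a password containing `&`, `+` or `=` survives, refuses non-HTTPS URLs, and turns `expires_in` into an absolute expiry. The names `Token`, `TokenError`, `build_token_request` and `parse_token_response` are hypothetical, and the HTTPS check assumes the endpoint is reachable over TLS, as the page's Python sample implies.

```python
import json
import time
from dataclasses import dataclass
from urllib.parse import urlencode, urlsplit

class TokenError(Exception):
    """Raised when the token endpoint returns an OAuth error object."""

@dataclass(frozen=True, repr=False)
class Token:
    access_token: str
    refresh_token: str
    token_type: str
    scope: tuple
    expires_at: float  # absolute epoch seconds, derived from expires_in

    def is_expired(self, now=None, skew=60):
        # Expire `skew` seconds early to absorb clock drift and request latency.
        return (time.time() if now is None else now) >= self.expires_at - skew

    def __repr__(self):
        # Keep token values out of logs and tracebacks.
        return f"Token(type={self.token_type!r}, scope={self.scope!r}, expires_at={self.expires_at})"

def build_token_request(url, username, password, client_id, client_secret):
    """Return (headers, body) for the password-grant POST (hypothetical helper)."""
    # Assumption: the endpoint is served over HTTPS, as the page's Python sample implies.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    # urlencode() escapes '&', '+', '=' and spaces that a hand-joined string would corrupt.
    body = urlencode({"grant_type": "password", "username": username, "password": password,
                      "client_id": client_id, "client_secret": client_secret})
    return {"Content-Type": "application/x-www-form-urlencoded"}, body

def parse_token_response(raw, now=None):
    """Turn a token-endpoint response body into a Token, or raise TokenError."""
    doc = json.loads(raw)
    if "error" in doc:
        raise TokenError(f"{doc['error']}: {doc.get('error_description', '')}")
    now = time.time() if now is None else now
    return Token(doc["access_token"], doc.get("refresh_token", ""), doc["token_type"],
                 tuple(doc.get("scope", "").split()), now + int(doc["expires_in"]))

if __name__ == "__main__":
    # Constructed sample body in the shape of the page's success response.
    print(parse_token_response('{"access_token": "example", "token_type": "Bearer", "expires_in": 36000}'))
```

Pass the returned headers and body to `conn.request("POST", "/o/token/", body, headers)` from the Python sample above, and feed the decoded response to `parse_token_response`.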