Oauth2 using authorization code

[LuckyRiver]

14 hours ago, bfarber said:

By default OAuth connections require https. If you are testing locally and wish to disable this requirement, you can set the following in constants.php

define( 'OAUTH_REQUIRES_HTTPS', false );

We do not recommend doing this on a production environment.

 

21 hours ago, newbie LAC said:

 

 

 

---

I've created an OAuth Client with settings as on your screenshots

I've also changed in conf_global.php

  'base_url' => 'http://localhost/ips/',

to 

  'base_url' => 'https://localhost/ips/',

https://localhost/ips/oauth/authorize/?response_type=code&client_id=7b298e0a123154ac43d0abf0210fc87e&redirect_uri=https://localhost/ips/oauth/callback&scope=profile

 

 

 

Both answers worked. It was the https issue configuration I needed to do either in conf_global.php and init.php. What's a relief!

Thanks to (Mark, bfarber and newbie LAC) for helping me  troubleshouting this issue.

Now, I can go further to retrieve the code back from the authorize response to ask for an access token so I can get a poker demo using Oauth2 Authorization Code done!

Stay tuned!

Thanks!

 

[Mark]

On 4/6/2019 at 12:12 AM, bfarber said:

By default OAuth connections require https. If you are testing locally and wish to disable this requirement, you can set the following in constants.php

define( 'OAUTH_REQUIRES_HTTPS', false );

We do not recommend doing this on a production environment.

Just to go a bit stronger on this...

DO NOT UNDER ANY CIRCUMSTANCES ENABLE THAT ON A LIVE SITE - THE WORLD WILL DISSOLVE INTO CHAOS AND FIRE

Seriously though: treat access tokens like passwords or credit card numbers. Never send them over unsecured connection.