angular-oauth2

Support for authorization code grant flow

Open mfagadar opened this issue 9 years ago • 3 comments

I need to use this lib with an authorization API that implements the OAuth2 authorization code grant. Quoting from [http://bshaffer.github.io/oauth2-server-php-docs/overview/grant-types/]:

The Authorization Code grant type is the most common OAuth2.0 flow. It implements 3-Legged OAuth and involves the user granting the client an authorization code, which can be exchanged for an Access Token.

Is this possible / achievable with the current release, and do you have any suggestions on how to do it? Thank you.

mfagadar, May 12 '15 20:05

Hi @mfagadar!

Right now, we don't support it. This feature needs to be discussed. Basically, a 3-Legged implementation needs to have:

  1. A button to send the user to the "Application Authorization" page with a clientId and a state param.
  2. The "Application Authorization" will use the clientId to get a code and send it back to a redirectUri.
  3. Then, the code will be changed by an access_token.

What can we support?

  1. We can add a directive to create the button.
  2. We can add the authorize endpoint. This can be similar to what we already have with the getAccessToken method.
  3. This is done server-side, there's nothing we can do here.

I will discuss this with my team next week. If you have any suggestions, just post them here.

ruipenso, May 14 '15 08:05
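Steps 1 and 2 of the flow listed in the comment above, sketched as plain functions. This is an added example, not part of the thread and not angular-oauth2 code. The function names, `demoCfg` and the `example.test` URLs are assumptions; `response_type`, `client_id`, `redirect_uri`, `state`, `code` and `error` are the standard OAuth 2.0 parameter names.

```javascript
// Added example: client-side half of the authorization code grant.
// All names and URLs here are hypothetical placeholders.
const rng = globalThis.crypto || require('crypto').webcrypto; // browser or Node

// Unguessable per-request state; the client keeps it until the redirect returns.
function newState() {
  const bytes = rng.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
}

// Step 1: the URL a button (or a bare function call) sends the user to.
function buildAuthorizeUrl(cfg, state) {
  const url = new URL(cfg.authorizeEndpoint);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', cfg.clientId);
  url.searchParams.set('redirect_uri', cfg.redirectUri);
  url.searchParams.set('state', state);
  return url.toString();
}

// Step 2: read the redirect back; accept the code only if state matches.
function readCallback(callbackUrl, cfg, expectedState) {
  const url = new URL(callbackUrl);
  const expected = new URL(cfg.redirectUri);
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    return { ok: false, reason: 'unexpected redirect target' };
  }
  const p = url.searchParams;
  if (!expectedState || p.get('state') !== expectedState) {
    return { ok: false, reason: 'state mismatch' }; // possible forged callback
  }
  if (p.has('error')) return { ok: false, reason: p.get('error') };
  const code = p.get('code');
  if (!code) return { ok: false, reason: 'missing code' };
  return { ok: true, code }; // step 3: the server exchanges this code
}

// Constructed sample configuration.
const demoCfg = {
  authorizeEndpoint: 'https://auth.example.test/authorize',
  clientId: 'demo-client',
  redirectUri: 'https://app.example.test/callback',
};
```

The state check is what ties the returned code to the browser session that started the flow, so a callback without a matching state is dropped before the code reaches the server.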

@ruipenso, thank you for your answer! Your assessment is very accurate.

I was wondering if you need to handle the button case directly via a directive in the angular-oauth2 lib or if there is an option to just provide a function that initiates the authorization grant flow and sends the user to the application authorization page. If feasible, the latter approach would leave more freedom to style the UI.

mfagadar, May 23 '15 18:05

@mfagadar The button directive can just handle the click, redirecting the user to the authorize uri.

Something like, <a oauth2-authorize-url>authorize</a> or <button oauth2-authorize-url>authorize</button>.

ruipenso, May 25 '15 10:05