Authorizing OAuth Apps

You can enable organization members to authorize your OAuth app.

When you build an OAuth app, implement the web application flow described below to obtain an authorization code and then exchange it for a token.

Request Authorization Code

You should redirect the user to the /oauth/authorize endpoint with the following GET parameters:

GET https://accounts.crowdin.com/oauth/authorize

This will ask the user to approve the app's access to their account based on the scopes specified in REQUESTED_SCOPES and then redirect back to the REDIRECT_URI that was provided when the app was created.

Parameters

| Name | Parameter | Description |
| --- | --- | --- |
| client_id | string | Required. You receive the Client ID for the app when you register it. |
| redirect_uri | string | Required. The URL in your application where users will be sent after authorization. |
| response_type: code | string | Required. The parameter is used for the flow specification of an OAuth app. |
| scope | string | Required. Select the access your app requires from the list of available scopes. You can add multiple scopes separated by spaces (no need to use quotation marks). |
| state | string | An unguessable random string. Use it for extra protection against cross-site request forgery attacks. |

The following authorization URL will be created:

https://accounts.crowdin.com/oauth/authorize?client_id=m50YenPpqac8u5D4dnK&redirect_uri=https://impact-mobile.com/auth/crowdin&response_type=code&scope=project+tm&state=d131dd02c5e6eec4

After successful authorization, users are redirected back to your site:

https://impact-mobile.com/auth/crowdin/?code=def50200df1fbb5ebac05f9288850d9e...0835bd3cf42&state=d131dd02c5e6eec4

If authorization has been declined, users are redirected to your website with an error:

https://impact-mobile.com/auth/crowdin/?error=access_denied&state=d131dd02c5e6eec4
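The request and the two callback outcomes above, as an added Python example (not code from the Crowdin documentation): it generates the state value, builds the authorization URL, and rejects any callback whose state does not match before reading code or error. The function names and the CallbackError class are hypothetical; where the expected state is stored (for example a server-side session) is up to your application.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://accounts.crowdin.com/oauth/authorize"


class CallbackError(Exception):
    """Raised when the redirect back to the app must not be trusted or was declined."""


def build_authorization_url(client_id, redirect_uri, scopes):
    """Return (url, state); keep state server-side, bound to this user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, one value per login attempt
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),  # space-separated; urlencode emits '+'
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the callback query string and return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Check state before anything else: a mismatch means this response was
    # not started by the current session (cross-site request forgery).
    if not expected_state or not hmac.compare_digest(
        returned_state.encode(), expected_state.encode()
    ):
        raise CallbackError("state mismatch")
    if "error" in params:
        raise CallbackError(params["error"][0])  # e.g. access_denied
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise CallbackError("missing or duplicated code")
    return codes[0]
```

Discard the stored state after one callback so the same value cannot be replayed.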

Users Are Redirected Back to Your Site by Enterprise

If a user authorizes the app, Enterprise redirects back to your site, and you can exchange the received code for an access token:

POST https://accounts.crowdin.com/oauth/token

Parameters

| Name | Parameter | Description |
| --- | --- | --- |
| grant_type: authorization_code | string | Required. The parameter is used for the flow specification of an OAuth app. |
| client_id | string | Required. You receive the Client ID for the app when you register it. |
| client_secret | string | Required. You receive the Client Secret for the app when you register it. |
| redirect_uri | string | Required. The URL in your application where users will be sent after authorization. |
| code | string | Required. Code received from the callback query string. |

For example, the request in curl takes the following form:

curl -X POST \
  https://accounts.crowdin.com/oauth/token \
  -H "content-type: application/json" \
  -d "{ \"grant_type\":\"authorization_code\", \"client_id\":\"m50YenPpqac8u5D4dnK\", \"client_secret\":\"yz35kYtjox...YE9Am\", \"redirect_uri\":\"https://impact-mobile.com/auth/crowdin\", \"code\":\"def50200df1fbb5ebac05f9288850d9e...0835bd3cf42\" }"

Response

By default, the response takes the following form:

{
    "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJS...lag1e_Zk4EdJ5diYfz0",
    "token_type":"bearer",
    "expires_in": 7200,
    "refresh_token": "b213c684ccaa7db1217e946e6ad...fff7ae"
}

Make Requests to the API with the Access Token Returned

The access token allows you to make requests to the Enterprise API on behalf of the authorized user.

For example, in curl you can set the following Authorization header:

curl -H "Authorization: Bearer ACCESS_TOKEN" https://<organization_domain>.api.crowdin.com/api/v2/projects

Refresh Token

The access token received after a user authorizes the app has an expiration time. The access token expires after the number of seconds defined in the response.

To refresh a token without requiring the user to be redirected, send a POST request with the following body parameters to the authorization server:

POST https://accounts.crowdin.com/oauth/token

Parameters

| Name | Parameter | Description |
| --- | --- | --- |
| grant_type: refresh_token | string | Required. The parameter is used for the flow specification of an OAuth app. |
| client_id | string | Required. You receive the Client ID for the app when you register it. |
| client_secret | string | Required. You receive the Client Secret for the app when you register it. |
| refresh_token | string | Required. Refresh token received from the last authorization response. |

For example, the request in curl takes the following form:

curl -X POST \
  https://accounts.crowdin.com/oauth/token \
  -H "content-type: application/json" \
  -d "{ \"grant_type\":\"refresh_token\", \"client_id\":\"m50YenPpqac8u5D4dnK\", \"client_secret\":\"yz35kYtjox...YE9Am\", \"refresh_token\":\"b213c684ccaa7db1217e946e6ad...fff7ae\" }"

Response

By default, the response takes the following form:

{
    "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJS...ZjFkMWI4OWFlIiwiaWF",
    "token_type":"bearer",
    "expires_in": 7200,
    "refresh_token": "ea506ea4c37aa152f0a91ed2482...4a0c567"
}
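The token lifecycle described above, as an added Python example (not code from the Crowdin documentation): it records the expiry from expires_in, refreshes shortly before that time, and replaces the stored refresh token with the one returned by each refresh response. TokenStore, the injected post(url, json_body) transport, the clock and the 60-second skew are assumptions of this sketch.

```python
import json
import time

TOKEN_URL = "https://accounts.crowdin.com/oauth/token"


class TokenStore:
    """Holds one user's tokens and refreshes them shortly before expiry."""

    def __init__(self, client_id, client_secret, post, clock=time.time, skew=60):
        self.client_id = client_id
        self.client_secret = client_secret  # keep server-side only
        self.post = post    # hypothetical transport: post(url, json_body) -> response text
        self.clock = clock  # injectable so expiry logic can be tested offline
        self.skew = skew    # refresh this many seconds before expiry
        self.access_token = None
        self.refresh_token = None
        self.expires_at = 0.0

    def store(self, response_text):
        """Record a token response from the code exchange or from a refresh."""
        data = json.loads(response_text)
        if data.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.access_token = data["access_token"]
        # Each response carries its own refresh token; always keep the latest.
        self.refresh_token = data["refresh_token"]
        self.expires_at = self.clock() + int(data["expires_in"])

    def authorization_header(self):
        """Return the API request header, refreshing first if expiry is near."""
        if self.refresh_token is None:
            raise RuntimeError("no tokens stored")
        if self.clock() >= self.expires_at - self.skew:
            body = json.dumps({
                "grant_type": "refresh_token",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "refresh_token": self.refresh_token,
            })
            self.store(self.post(TOKEN_URL, body))
        return {"Authorization": f"Bearer {self.access_token}"}
```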

Redirect URLs

One or more redirect URLs can be registered when an OAuth application is created in Enterprise.

For security reasons, if the URL is not included in the Application info, users will not be able to redirect to this URL after authorization.
