apiary | |
Post | /oauth/apps/authorize |
Purpose
This WS is designed to authorize user's scopes. Requested scopes should be allowed for user role, client type and client's broker scopes
Request parameters
- access_token with scope "app:authorize" created for the user
- client_id
- redirect_uri
- scope
Validation
Validate token
extract user_id from token
...
- check $.redirect_uri in (SELECT connections.redirect_uri from clients join connections on clients.id = connections.client_id where clients.id=$.client_id)
- in case error return 401, "The redirection URI provided does not match a pre-registered value."
...
- check if $.scope is not null
- in case error return 422, "Requested scope is empty. Scope not passed or user has no roles or global roles."
Response
- 201, in case authorization_code created
- 4XX in other cases