Example of working with OAuth2 in an API Platform

[cweinschenk]

NERIS uses OAuth2 for integration authentication. If you are using the /token endpoint, which is what the OAuth2 uses under the hood to authenticate clients and users, the grant_type must be in the Body and the client_id and client_secret must passed in as a Basic Auth header. To do this, remove the URL params and then move the grant_type to the Body section:

Next, add the client credentials into the Basic Auth header. To do this, change the Auth Type to Basic Auth and then put in your client_id in the Username field and the client_secret into the Password field:

This will return an access token that can be used in subsequent requests to the NERIS API, until that token expires. To use that token you will need to pass it in the Authorization header with the Auth Type as Bearer:

You can also set up the OAuth2 Authorization in an API platform tool like Postman, which will automatically call the /token endpoint and fetch and set the accessToken. However, you can only do this for endpoints that are not /token and endpoints that you have authorization to access. Here is an example of that using the List Entities endpoint: