Trying out OAuth2 via CURL

During development, it happens that you quickly want to try out a RESTful request. If you are running this request against an OAuth2 protected resource, you’ll need an access_token. So what is the easiest approach to get one? Unfortunately, OAuth2 is not supported just like Basic Authentication in the browser. The easiest option I’ve found is using CURL, the command-line utility for HTTP requests.

To get an access token for user demo and password 1234, I simply use the OAuth2 Resource Owner Password flow. Keep in mind, the token endpoint would need to be HTTPS in production, but for development this is fine:

The responsen will be the usual one:

Next, if you want to access a protected resource you have to pass the Authorization header. Let’s access our “current user” resource:

And the Response will be similar to this:

I hope you find this pretty straightforward, too!

Tell us what you think:

One thought on “Trying out OAuth2 via CURL

  1. shyam says:

    I got the following response for my client_crednetials access token request.
    How do I debug this? I got a 443 error.. I did try a get request for the oauth/token url and I got a 404 error from the host site so I understand that the request hits the web server and that I am not blocked by any firewall rule.

    curl -X POST -d “client_id=qwer1234&client_secret=fdswer234&grant_type=client_credentials&scope=qwer:read” https://api.xyz.com/oauth/token

    curl: (7) Failed to connect to api.xyz.com port 443: Timed out

Comments are closed.