1 00:00:00,300 --> 00:00:07,230 Now, in this lecture, let's try to get an authorization code, followed by access token, by leveraging
2 00:00:07,230 --> 00:00:12,690 the client details and the user details that we have created in the previous lecture.
3 00:00:12,870 --> 00:00:18,270 So, as you know, in order to know what are all the endpoint URLs supported by our Keycloak,
4 00:00:18,540 --> 00:00:23,730 we can invoke this URL with the GET method. Since it is a GET method,
5 00:00:23,730 --> 00:00:30,690 I pasted that in the browser, and you can see it gives all the details about the endpoint URLs
6 00:00:30,690 --> 00:00:36,690 that is exposed by my Keycloak server. Like we were discussing in the OpenID Connect, with the
7 00:00:36,690 --> 00:00:43,410 OpenID Connect, your Keycloak server or any identity and access management product,
8 00:00:43,650 --> 00:00:51,910 they will expose a dedicated user info API to know the user identity details. Coming to the authorization
9 00:00:51,960 --> 00:00:53,250 code grant flow,
10 00:00:53,370 --> 00:01:00,240 first, we need to get an authorization code. So for that, the endpoint URL that we have to use is the authorization
11 00:01:00,240 --> 00:01:00,960 endpoint.
12 00:01:01,200 --> 00:01:03,750 So we can take this endpoint URL.
13 00:01:04,080 --> 00:01:08,760 And I came to the Postman application and pasted that endpoint URL.
14 00:01:08,880 --> 00:01:15,870 And since we have to invoke this endpoint URL with the GET method, you can see here I can pass all
15 00:01:15,870 --> 00:01:18,780 the parameters that are needed by my Keycloak server.
16 00:01:19,230 --> 00:01:22,710 First, the client data I have to give during the first step.
17 00:01:22,720 --> 00:01:24,700 You don't have to share the client secret.
18 00:01:24,720 --> 00:01:27,150 You just have to give the client ID.
19 00:01:27,540 --> 00:01:33,240 The client ID can be identified by going to the clients and clicking easy UI client.
20 00:01:33,270 --> 00:01:34,980 So this is the client ID.
21 00:01:35,490 --> 00:01:39,340 So just pass the client ID and response type.
22 00:01:39,360 --> 00:01:43,560 We have to tell that I'm expecting an authorization code.
23 00:01:43,890 --> 00:01:50,670 So we need to mention the param response type is equal to code, and scope is openid, and redirect URI
24 00:01:50,670 --> 00:01:56,880 should match with what we configured, which is localhost eighty eight to one sample. Post that, we can
25 00:01:56,880 --> 00:01:58,620 mention the state param also.
26 00:01:58,800 --> 00:02:03,960 So this is just like a CSRF token to avoid CSRF security issues.
27 00:02:04,230 --> 00:02:10,830 So you can give any random generated value here, but this is completely optional.
28 00:02:10,830 --> 00:02:13,320 Even if you don't do this also, it will work.
29 00:02:13,620 --> 00:02:16,170 But for now, I'm just giving a random value around it.
30 00:02:16,290 --> 00:02:24,570 So once you have populated all these under params, your GET URL will become like this, where all your
31 00:02:24,570 --> 00:02:25,740 params are appended.
32 00:02:25,740 --> 00:02:28,890 Like you can see client ID, response type is equal to code,
33 00:02:28,890 --> 00:02:31,290 scope is equal to openid, and redirect URI.
34 00:02:31,500 --> 00:02:34,200 So now I cannot really invoke this
35 00:02:34,210 --> 00:02:35,850 URL with Postman.
36 00:02:35,850 --> 00:02:42,870 The reason is, as soon as I invoke this URL, I'll get a login page and I can't log in through Postman.
37 00:02:43,110 --> 00:02:49,060 So for that reason, I take this endpoint URL, which I built with the help of Postman.
38 00:02:49,290 --> 00:02:55,890 And since this URL accepts the GET method, I can go and paste it in the browser. As soon as I paste
39 00:02:55,890 --> 00:02:57,270 it and click enter,
40 00:02:57,510 --> 00:03:03,900 you can see I got a login page which is inbuilt, provided by my Keycloak server.
41 00:03:04,410 --> 00:03:10,110 So here I have to give the user details that I have created.
42 00:03:10,350 --> 00:03:14,880 The user that I created these accounts and the password is one, two, three, four, five.
43 00:03:15,270 --> 00:03:20,850 And any identity and access management server, including Keycloak,
44 00:03:21,090 --> 00:03:25,320 they also give flexibility to change this login page as per
45 00:03:25,320 --> 00:03:27,990 your business organization requirement,
46 00:03:28,170 --> 00:03:33,600 so that user doesn't have to feel that they are trying to log in to a different application.
47 00:03:33,810 --> 00:03:36,150 But since now we are just for testing,
48 00:03:36,390 --> 00:03:41,220 I'm just going and using the default login page. As soon as I click sign in,
49 00:03:41,430 --> 00:03:43,830 you can see I got an error page.
50 00:03:43,830 --> 00:03:46,240 The reason is, my Keycloak server,
51 00:03:46,240 --> 00:03:54,930 so after successful authentication, it redirected to the redirected page, which is localhost 881 sample.
52 00:03:55,170 --> 00:04:01,380 And here it is passing the same state value that I passed, to confirm there is no CSRF token issue.
53 00:04:01,650 --> 00:04:06,180 And along with the session state, we also get a code.
54 00:04:06,450 --> 00:04:09,330 So we need code, which is authorization code.
55 00:04:09,480 --> 00:04:13,140 So let's try to take the value present after code.
56 00:04:13,320 --> 00:04:21,450 So this authorization code, I'll take it and I'll go to Postman, where I can pass this authorization code
57 00:04:21,450 --> 00:04:26,790 in the second step that we need to follow inside authorization grant type flow.
58 00:04:27,030 --> 00:04:33,330 So here the endpoint URL that we need to invoke to get the access token is /token, like we did
59 00:04:33,330 --> 00:04:35,640 for our client credentials grant type.
60 00:04:35,940 --> 00:04:43,350 So since it's a POST invocation, I have to pass all my details in the body. So grant type is authorization
61 00:04:43,350 --> 00:04:45,120 code that we're trying to use here.
62 00:04:45,390 --> 00:04:49,010 And client ID, we have to correct it. Before that,
63 00:04:49,020 --> 00:04:51,300 let me copy paste the code here.
64 00:04:51,330 --> 00:04:58,710 So now I need to take the client ID. For the same, I came to Keycloak. The client is easy UI
65 00:04:58,710 --> 00:04:59,310 client.
66 00:05:02,970 --> 00:05:06,830 And the client secret can be identified under the Credentials tab.
67 00:05:06,900 --> 00:05:12,270 So I'm just taking that and pasting under the client secret. And code,
68 00:05:12,290 --> 00:05:14,910 we already populated. And redirect
69 00:05:14,940 --> 00:05:15,460 URI,
70 00:05:15,480 --> 00:05:23,010 we already mentioned. It is the correct one only, like localhost, 88 to one sample. Scope is openid.
71 00:05:23,580 --> 00:05:31,110 So with this, if I try to invoke, I should get a successful response, but I'm getting an invalid
72 00:05:31,440 --> 00:05:31,920 code.
73 00:05:31,920 --> 00:05:34,110 The reason is my code might have expired.
74 00:05:34,320 --> 00:05:36,720 So let me try to get the code again
75 00:05:36,990 --> 00:05:40,380 by invoking the same URL through the browser.
76 00:05:40,950 --> 00:05:43,920 So I'm just copy pasting and invoking.
77 00:05:44,100 --> 00:05:48,960 So since I already previously logged in, this time it's not asking me to log in again.
78 00:05:49,170 --> 00:05:51,900 So I'm just taking the code here.
79 00:05:52,380 --> 00:05:54,840 I'll pass that code here properly.
80 00:05:54,840 --> 00:05:57,450 This time I should get a proper response.
81 00:05:58,020 --> 00:06:03,750 So there you can see we got an access token, refresh token, ID token, everything.
82 00:06:03,930 --> 00:06:06,870 But now we are more interested with the access token.
83 00:06:07,140 --> 00:06:13,020 Let me take this access token and go to my account. Under authorization,
84 00:06:13,320 --> 00:06:19,380 I should give this access token after Bearer space.
85 00:06:19,680 --> 00:06:25,990 So with this, if I try to invoke, I should get a proper response, and I got it, which is 200
86 00:06:26,010 --> 00:06:26,460 OK.
87 00:06:26,700 --> 00:06:34,740 So this way we can consider authorization code grant type in order to get the authorization code initially.
88 00:06:35,010 --> 00:06:37,260 Post that, using the authorization code,
89 00:06:37,530 --> 00:06:44,140 we can get an access token the second time by passing client ID, client secret to the Keycloak
90 00:06:44,140 --> 00:06:44,910 server.
91 00:06:45,270 --> 00:06:48,840 But can I go ahead and implement this approach
92 00:06:49,080 --> 00:06:50,040 exactly
93 00:06:50,400 --> 00:07:00,230 inside my UI Angular application? I can't, because I should not consider this approach inside my Angular
94 00:07:00,250 --> 00:07:08,310 UI application, because this approach needed client secret to be passed through my client application
95 00:07:08,310 --> 00:07:09,540 to Keycloak server.
96 00:07:09,660 --> 00:07:14,280 But you all know, our web applications like Angular applications,
97 00:07:14,550 --> 00:07:22,670 anyone can see your client ID and client secret by looking at your JavaScript code or Angular code
98 00:07:22,710 --> 00:07:24,030 inside your browser.
99 00:07:24,330 --> 00:07:28,440 But don't worry, for client UI applications
100 00:07:28,680 --> 00:07:36,300 we have one more flavor of authorization code grant type flow, which we can discuss in the next lecture.
101 00:07:36,660 --> 00:07:37,110 Thank you,
102 00:07:37,110 --> 00:07:37,560 and bye.