Make the Authorization Request
ManageEngineAppCreator uses the authorization code grant type. A client application will therefore require an authorization code to get an access token. Generating this code differs based on the client type:
Generating the authorization code is a one-time process provided you generate the access and refresh tokens before it expires.
To generate authorization code for a server-based client application
A web server-based client application is one that is used by multiple users and requires user intervention during authorization. To generate the authorization code for this type of client, you must use redirection-based code generation. The authorization flow is as follows:
- The client makes an authorization request to the resource owner by accessing the URL:
https://appcreatordemo.manageengine.com/iam/oauth/v2/auth?response_type=code&client_id=<client_id>&scope=<scope>&redirect_uri=<redirect_uri>&access_type=offlinewhere,
Parameter Type Description client_id mandatory The client ID that was generated when you registered the client application. scope mandatory The ManageEngineAppCreator scope that you want to access. redirect_uri mandatory One of the authorized redirect URIs that you associated while registering the client application. access_type optional Its value can be offline or online. When you set it as offline, you will receive a refresh token along with an access token only the first time you make this request. prompt optional Its value must be consent. Including this parameter will make the requesting user's consent mandatory whenever they request an access token (using their refresh token). - Upon clicking Accept the request will be approved and the user will be redirected back to the URI of the client application (that was specified in the previous step) with keys in the query string. For example:
https://www.zylker.com/callback?code=1000.xxxxxxxxe1a88.xxxxxxxx40a3&location=us&accounts-server=https%3A%2F%2Faccounts.manageegine.com
Key in response Description code This will contain the short-lived grant token that will be required to generate the access and refresh tokens. location This will contain the domain location of the requesting user. accounts-server This is the ManageEngine Accounts URL where the access and refresh token can be generated for the requesting user. Note- The authorization code will be valid for 1 minute
- If the user rejects the authorization request, they'll be redirected to the URI of the client application (that was specified in the previous step) with error=access_denied in the query string
To generate authorization code for a self client
A self client is an application that does not have a domain and a redirect URI. You can also identify a standalone server-side application performing a back-end job as a self-client.
- Go to host:port/iam/developerconsole and register a self-client.
- Navigate to the Generate Code tab.
- Enter the required scopes, comma-separated.
- Select the time duration for which you want the authorization code to be valid.
- (Optional) Enter the scope description.
- Click CREATE. The authorization code will be generated and displayed in a pop-up: