It turned out that the client credentials flow is a good fit for the hybris OCC Web Services after all :-) So my recent post is somewhat outdated… We now use the client credentials flow to secure new customer registration via the API. It's a good use of this flow, as only the client application itself should be able to access the customer registration resource. It also lets us track where new customers come from in the future.
As I had to update the documentation, I also quickly checked if I could make this work from CURL on the command line. Very easy:
curl -X POST -d "client_id=mobile_android&client_secret=secret&grant_type=client_credentials" http://localhost:9001/rest/oauth/token
As always, keep in mind that we're using HTTP instead of HTTPS only during development; in production you want to secure the token endpoint via HTTPS, since the client secret travels in the request body! Anyway, the server will respond with the usual response:
{ "access_token": "b4dc1410-6b15-4a7c-bd22-1abea1f0fa3a", "token_type": "bearer", "expires_in": 42921 }
Easy.
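As an added example (not code from the post), here is a small shell wrapper around the curl call above that refuses to send the secret over plain HTTP unless explicitly allowed for development, keeps the secret off the command line, and parses the response shown above. The endpoint path and client id are taken from the post; the function names and the OCC_* environment variables are my own, and it assumes curl 7.76 or newer for --fail-with-body.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names and the
# OCC_* variables are assumptions; the secret is assumed to contain no '"'.

# Refuse to send the client secret to a plain-http endpoint unless explicitly
# allowed for local development (the post's http://localhost:9001 case).
check_token_url() {
  case "$1" in
    https://*) return 0 ;;
    http://*)  [ "${OCC_ALLOW_INSECURE:-0}" = "1" ] && return 0
               echo "refusing to send the client secret over plain HTTP: $1" >&2
               return 1 ;;
    *)         echo "unsupported token endpoint URL: $1" >&2; return 1 ;;
  esac
}

# Request a token with the client credentials grant. The secret is read from
# OCC_CLIENT_SECRET and handed to curl through a config file on stdin (-K -),
# so it does not show up in the process list (ps) or the shell history.
request_token() {  # $1 = token endpoint URL, $2 = client id
  check_token_url "$1" || return 1
  [ -n "${OCC_CLIENT_SECRET:-}" ] || { echo "OCC_CLIENT_SECRET is not set" >&2; return 1; }
  curl -sS --fail-with-body -K - <<EOF
url = "$1"
data-urlencode = "client_id=$2"
data-urlencode = "client_secret=$OCC_CLIENT_SECRET"
data-urlencode = "grant_type=client_credentials"
EOF
}

# Extract one top-level field from the flat JSON the token endpoint returns.
# Good enough for the response shown in the post; use jq for anything richer.
json_field() {  # $1 = response JSON, $2 = field name
  printf '%s' "$1" | sed -n "s/.*\"$2\": *\([^,}]*\).*/\1/p" | tr -d '" '
}

# Turn the response into ACCESS_TOKEN / EXPIRES_IN and fail on an error
# response such as {"error":"invalid_client"}, which carries no access_token.
parse_token() {  # $1 = response JSON
  ACCESS_TOKEN=$(json_field "$1" access_token)
  EXPIRES_IN=$(json_field "$1" expires_in)
  [ -n "$ACCESS_TOKEN" ] || { echo "no access_token in response: $1" >&2; return 1; }
}

# Typical use (a network call, so not run here); the registration resource's
# path is not given in the post, hence the placeholder:
#   resp=$(request_token https://localhost:9001/rest/oauth/token mobile_android) \
#     && parse_token "$resp" \
#     && curl -H "Authorization: Bearer $ACCESS_TOKEN" "$REGISTRATION_URL"
```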