OAuth2 Authentication

Set up credentials following the instructions on Configuration. When you have obtained a client_id and a client_secret, you can try out the OAuth 2.0 flow under restapi/1.0/common/oauth2. The flow goes as follows to get authorized:

Note

OAuth endpoints:

1. Resource Owner Authorization

User authorization through redirection. First, we will create an authorization URL from the base URL given by Odoo and the credentials previously obtained.

GET /restapi/1.0/common/oauth2/authorize

Request:

GET /restapi/1.0/common/oauth2/authorize HTTP/1.1
Host: {your_Odoo_server_url}
Authorization: OAuth client_id='uwCrAHAQbL7D9cvJLIztNaZ0bziEGMDh',
                     state='Y1Ux1iNPvn6KYQK5Lj84WJ9VJrQw1L',
                     redirect_uri='https%3A%2F%2F127.0.0.1%2Fcallback',
                     response_type='code'

Response:

HTTP/1.1 200 OK

{
  'code': 'dcee1806d2c50d0fb598',
  'state': 'Y1Ux1iNPvn6KYQK5Lj84WJ9VJrQw1L'
}

Query Parameters:

  • client_id – Odoo consumer key

  • state – Specifies any additional URL-encoded state data to be returned in the callback URL after approval.

  • redirect_uri – An absolute URL to which Odoo will redirect the user back when the User Authorization step is completed.

  • response_type – This must be code for this authentication flow.

Headers and Status Codes
Description

Request Headers

  • Accept – the response content type depends on Accept header

  • Authorization – The OAuth protocol parameters to authenticate.

Response Headers

  • Content-Type – this depends on Accept header of the request

Status Codes

2. Token Credentials Request

Fetch an access token from Odoo using the authorization code obtained during user authorization.

POST /restapi/1.0/common/oauth2/access_token

Request:

POST /restapi/1.0/common/oauth2/access_token HTTP/1.1
Host: {your_Odoo_server_url}
Authorization: OAuth client_id='uwCrAHAQbL7D9cvJLIztNaZ0bziEGMDh',
                     client_secret='FtHzOQVEs0aSEL9AXuIe9k7X6E2MekU7',
                     redirect_uri='https%3A%2F%2F127.0.0.1%2Fcallback',
                     code='dcee1806d2c50d0fb598',
                     grant_type='authorization_code'

Response:

HTTP/1.1 200 OK

{
  'access_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIn',
  'token_type': 'bearer',
  'access_token_validity': '7/20/2017 12:00:05',
  'refresh_token': 'ZXIiLCJnaXZlbl9uYW1lIjoiRnJhbmsifQ'
}

Query Parameters:

  • client_id – Odoo consumer key

  • client_secret – Odoo consumer secret

  • redirect_uri – An absolute URL to which Odoo will redirect the user back when the User Authorization step is completed.

  • code – Authorization code the consumer must use to obtain access and refresh tokens.

  • grant_type – Value must be authorization_code for this flow.
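
The two steps above as client-side code, an added example that is not part of the Odoo documentation: it builds both Authorization headers in the format shown and refuses to redeem a code whose returned state differs from the one issued for the session. The function names, the percent-encoding of every header value, and the authorization response arriving as an already-parsed dict are assumptions.

```python
import hmac
import secrets
from urllib.parse import quote


def oauth_header(params):
    """Format params like the page's header: OAuth k='v', k='v', ..."""
    # Assumption: every value is percent-encoded, as redirect_uri is on the page.
    return "OAuth " + ", ".join(
        "%s='%s'" % (key, quote(value, safe="")) for key, value in params.items())


def authorization_request(client_id, redirect_uri):
    """Step 1: return (state, headers) for GET .../oauth2/authorize."""
    # A fresh unpredictable state per attempt, stored in the user's session,
    # binds the authorization response to the browser that started the flow.
    state = secrets.token_urlsafe(24)
    headers = {"Authorization": oauth_header({
        "client_id": client_id,
        "state": state,
        "redirect_uri": redirect_uri,
        "response_type": "code",
    })}
    return state, headers


def token_request(response, expected_state, client_id, client_secret,
                  redirect_uri):
    """Step 2: verify the echoed state, then build headers for POST .../access_token."""
    returned = str(response.get("state", ""))
    # Constant-time comparison; a mismatch means the response was not
    # produced for this session and its code must not be redeemed.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if not response.get("code"):
        raise ValueError("no authorization code in response")
    # client_secret appears only in this request, never in step 1.
    return {"Authorization": oauth_header({
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # must equal the value sent in step 1
        "code": response["code"],
        "grant_type": "authorization_code",
    })}
```

Keep the returned state in server-side session storage and discard it after one use, so a replayed authorization response fails the check.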

Headers and Status Codes
Description

Request Headers

  • Accept – the response content type depends on Accept header

  • Authorization – The OAuth protocol parameters to authenticate.

Response Headers

  • Content-Type – this depends on Accept header of the request

Status Codes
