Authorization OAuth 2.0 in Katalon Studio
OAuth 2.0 (Open Authorization 2.0) is an industry-standard protocol for authorization.
This guide illustrates how to use OAuth 2.0 in Katalon Studio.
Authorization Code: used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application gets the authorization code from the URL and uses it to request an access token.
Password Credentials: used to exchange credentials of a user for an access token. Password credentials is the simplest OAuth grant and involves only one step: the application presents a traditional username and password login. Because the client application has to collect the password of a user and send it to the authorization server, password credentials is not a recommended grant type.
Client Credentials: used by clients to obtain an access token outside of the context of a user.
Refresh Token: used by clients to exchange a refresh token for an access token when the access token has expired. A refresh token allows clients to continue to have a valid access token without further interaction with the user.
Callback URL: The client application callback URL to redirect to after OAuth authorization.
Auth URL: The endpoint for the API provider authorization server, which is used to retrieve the authorization code.
Access Token URL: The authentication server of the provider, which is used to exchange an authorization code for an access token.
State: An opaque value to prevent cross-site request forgery.
Consumer Key: The API key associated with the application (Twitter, Facebook, etc.). This key (or client ID, as Facebook calls it) is what identifies the client, which is a website/service that is trying to access the resources of an end-user.
Consumer Secret: The password of the client that is used to authenticate with the authentication server, which is a Twitter/Facebook/etc. server that authenticates the client.
Authorization code: A token that represents the access granted by the end user, which is used to obtain an access token and a refresh token.
Scope: The scope of request access, which might include multiple space-separated values. This is a mechanism in OAuth 2.0 to limit application access to an account of a user.
Access Token: A string that the OAuth client uses to make requests to the resource server.
Refresh Token: A string that the OAuth client can use to get a new access token without the interaction of the user.
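The parameters above fit together as follows in the Authorization Code grant. This is an added example, not Katalon Studio's own code; the endpoint URLs, the client ID and the function names are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values (assumptions, not taken from the guide).
AUTH_URL = "https://auth.example.com/oauth/authorize"
CALLBACK_URL = "https://client.example.com/callback"
CONSUMER_KEY = "example-client-id"


def build_auth_request(scopes):
    """Return (url, state) for the browser redirect to the Auth URL."""
    state = secrets.token_urlsafe(32)  # opaque, unguessable, kept in the user's session
    query = urlencode({
        "response_type": "code",
        "client_id": CONSUMER_KEY,
        "redirect_uri": CALLBACK_URL,
        "scope": " ".join(scopes),  # multiple scope values are space-separated
        "state": state,
    })
    return f"{AUTH_URL}?{query}", state


def handle_callback(redirect_url, expected_state):
    """Validate the redirect to the Callback URL and return the authorization code."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    # Constant-time compare. A missing or different state means this response
    # does not belong to the request this session started (CSRF), so reject it.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the authorization code")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


def token_request_body(code):
    """Form fields to POST to the Access Token URL.

    A confidential client also authenticates with its Consumer Secret
    (for example via HTTP Basic auth); that is left out of this sketch.
    """
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": CALLBACK_URL,  # must match the value sent to the Auth URL
        "client_id": CONSUMER_KEY,
    }
```

The state value has to be stored server-side or in the user's session between the two steps, so that the value in the callback is compared against what this client issued.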
Use OAuth 2.0 authorization in Katalon Studio
This section shows you how to use OAuth 2.0 authorization in Katalon Studio.
To use OAuth 2.0 authorization in Katalon Studio, do as follows:
Example: Request token for Authorization Code grant type
For the Authorization Code grant type, the workflow is different.