{ "info": { "_postman_id": "0ab9d26c-85be-41f7-9972-5020a966935a", "name": "Laserfiche OAuth 2.0 Authorization Server API", "description": "An ASP.NET Core web API for Laserfiche OAuth 2.0 Authorization Server\n\nBuild# : 45eda48567728b81a9b70dffdea652497b30d078_.20240409.2\n\n", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "_exporter_id": "35177085" }, "item": [ { "name": "Authorize", "item": [ { "name": "Initiate the authorization code flow.", "request": { "auth": { "type": "basic", "basic": [ { "key": "username", "value": "{{basicAuthUsername}}", "type": "string" }, { "key": "password", "value": "{{basicAuthPassword}}", "type": "string" } ] }, "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/Authorize?client_id=&redirect_uri=&response_type=&state=&code_challenge=&code_challenge_method=&scope=", "host": [ "{{baseUrl}}" ], "path": [ "Authorize" ], "query": [ { "key": "client_id", "value": "", "description": "The Client ID returned when the application was registered." }, { "key": "redirect_uri", "value": "", "description": "The URI to which the OAuth service redirects after the authorization is performed successfully. It should be equal to one of the Redirect URIs specified at the application registration time." }, { "key": "response_type", "value": "", "description": "Used by the application to inform the authorization server of the desired grant type. The value MUST be \"code\"." }, { "key": "state", "value": "", "description": "The state of the application. This is intended to help the application manage its state during the request and callback. The application should check that the value returned in the callback matches the value it sent, which guards the callback against cross-site request forgery." }, { "key": "code_challenge", "value": "", "description": "A code challenge used in the PKCE extension. This is required for SPAs and optional for Web Applications." }, { "key": "code_challenge_method", "value": "", "description": "The code challenge method. This is required if a code challenge is used. The value MUST be \"S256\"." }, { "key": "scope", "value": "", "description": "Specifies the requested scopes for the authorization request. Scopes are case-sensitive and space-delimited." 
} ] }, "description": "- A registered Web Application or SPA can call this endpoint to start the OAuth authorization code flow by getting an authorization code.\n- A SPA must use the PKCE extension." }, "response": [ { "name": "In the case where it gets redirected to an error page, the request fails due to a missing, invalid, or mismatching redirection URI, or that the client ID is missing or invalid.", "originalRequest": { "method": "GET", "header": [ { "description": "Added as a part of security scheme: basic", "key": "Authorization", "value": "Basic " } ], "url": { "raw": "{{baseUrl}}/Authorize?client_id=&redirect_uri=&response_type=&state=&code_challenge=&code_challenge_method=&scope=", "host": [ "{{baseUrl}}" ], "path": [ "Authorize" ], "query": [ { "key": "client_id", "value": "", "description": "The Client ID returned when the application was registered." }, { "key": "redirect_uri", "value": "", "description": "The URI to which the OAuth service redirects after the authorization is performed successfully. It should be equal to one of the Redirect URIs specified at the application registration time." }, { "key": "response_type", "value": "", "description": "Used by the application to inform the authorization server of the desired grant type. The value MUST be \"code\"." }, { "key": "state", "value": "", "description": "The state of the application. This is intended to help the application manage its state during the request and callback." }, { "key": "code_challenge", "value": "", "description": "A code challenge used in PKCE extension. This is required for SPAs and optional for Web Applications." }, { "key": "code_challenge_method", "value": "", "description": "The code challenge method. This is required if a code challenge is used. The value MUST be \"S256\"." }, { "key": "scope", "value": "", "description": "Specifies the requested scopes for the authorization request. Scopes are case-sensitive and space-delimited." 
} ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "text", "header": [], "cookie": [], "body": "" }, { "name": "In the case where the query parameter `code` is not present in the redirected URI, a query parameter `error` is returned indicating the issue encountered:\n\n* invalid_request: The request is missing a required parameter.\n\n* access_denied: The resource owne", "originalRequest": { "method": "GET", "header": [ { "description": "Added as a part of security scheme: basic", "key": "Authorization", "value": "Basic " } ], "url": { "raw": "{{baseUrl}}/Authorize?client_id=&redirect_uri=&response_type=&state=&code_challenge=&code_challenge_method=&scope=", "host": [ "{{baseUrl}}" ], "path": [ "Authorize" ], "query": [ { "key": "client_id", "value": "", "description": "The Client ID returned when the application was registered." }, { "key": "redirect_uri", "value": "", "description": "The URI to which the OAuth service redirects after the authorization is performed successfully. It should be equal to one of the Redirect URIs specified at the application registration time." }, { "key": "response_type", "value": "", "description": "Used by the application to inform the authorization server of the desired grant type. The value MUST be \"code\"." }, { "key": "state", "value": "", "description": "The state of the application. This is intended to help the application manage its state during the request and callback." }, { "key": "code_challenge", "value": "", "description": "A code challenge used in PKCE extension. This is required for SPAs and optional for Web Applications." }, { "key": "code_challenge_method", "value": "", "description": "The code challenge method. This is required if a code challenge is used. The value MUST be \"S256\"." }, { "key": "scope", "value": "", "description": "Specifies the requested scopes for the authorization request. Scopes are case-sensitive and space-delimited." 
} ] } }, "status": "Found", "code": 302, "_postman_previewlanguage": "text", "header": [], "cookie": [], "body": "" } ] } ] }, { "name": "Token", "item": [ { "name": "Request for an access token.", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded" }, { "key": "Accept", "value": "application/json" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "account_id", "value": "" }, { "key": "client_id", "value": "", "description": "The Client ID returned when the application was registered." }, { "key": "grant_type", "value": "", "description": "The value MUST be one of \"authorization_code\", \"refresh_token\", or \"client_credentials\"." }, { "key": "code", "value": "", "description": "The authorization code returned by the authorization server in the first step of the authorization code flow." }, { "key": "redirect_uri", "value": "", "description": "This should be equal to the Redirect URI sent to /authorize endpoint in the first step of the authorization code flow." }, { "key": "client_secret", "value": "" }, { "key": "scope", "value": "", "description": "The scope of the requested access token in the client credentials flow. Scopes are case-sensitive and space-delimited." }, { "key": "refresh_token", "value": "", "description": "The refresh token, which can be used to obtain new access tokens." }, { "key": "code_verifier", "value": "", "description": "A code verifier, used to verify the code_challenge sent to /authorize endpoint in the first step of the authorization code flow." } ] }, "url": { "raw": "{{baseUrl}}/Token", "host": [ "{{baseUrl}}" ], "path": [ "Token" ] }, "description": "- Use authCode to get an access token for the authorization code flow. This uses grant_type, code, and redirect_uri. The client ID and client secret are taken from the Basic auth header for web applications. For SPAs, the client ID should be in the request body.\nAfter getting the authorization code, the application can exchange the code for an access token by calling this endpoint. The authorization code has a short lifetime of around 10 minutes. If it is not used within its lifetime, it will expire and the application should restart the authorization code flow.\n- Use refreshToken to get a new access token for the authorization code flow. This uses grant_type and refresh_token. The client ID and client secret are taken from the Basic auth header for web applications. For SPAs, the client ID should be in the request body.\n- Use the Bearer header to generate an access token for the client credentials flow. This uses grant_type and the Bearer auth header." },
"response": [ { "name": "Untitled Response", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded" }, { "key": "Accept", "value": "application/json" }, { "description": "Added as a part of security scheme: basic", "key": "Authorization", "value": "Basic " } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "account_id", "value": "" }, { "key": "client_id", "value": "", "description": "The Client ID returned when the application was registered." }, { "key": "grant_type", "value": "", "description": "The value MUST be one of \"authorization_code\", \"refresh_token\", or \"client_credentials\"." }, { "key": "code", "value": "", "description": "The authorization code returned by the authorization server in the first step of the authorization code flow." }, { "key": "redirect_uri", "value": "", "description": "This should be equal to the Redirect URI sent to /authorize endpoint in the first step of the authorization code flow." }, { "key": "client_secret", "value": "" }, { "key": "scope", "value": "", "description": "The scope of the requested access token in the client credentials flow. Scopes are case-sensitive and space-delimited." 
}, { "key": "refresh_token", "value": "", "description": "The refresh token, which can be used to obtain new access tokens." }, { "key": "code_verifier", "value": "", "description": "A code verifier, used to verify the code_challenge sent to /authorize endpoint in the first step of the authorization code flow." } ] }, "url": { "raw": "{{baseUrl}}/Token", "host": [ "{{baseUrl}}" ], "path": [ "Token" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "Content-Type", "value": "application/json" } ], "cookie": [], "body": "{\n \"access_token\": \"\",\n \"expires_in\": \"\",\n \"token_type\": \"\",\n \"refresh_token\": \"\",\n \"scope\": \"\"\n}" }, { "name": "Error codes returned in the `Bad Request` response:\n\n* invalid_request: The request is missing a required parameter, includes an unsupported parameter value (other than grant type) or is malformed.\n\n* invalid_grant: The provided authorization grant (e.g.,", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded" }, { "key": "Accept", "value": "application/json" }, { "description": "Added as a part of security scheme: basic", "key": "Authorization", "value": "Basic " } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "account_id", "value": "" }, { "key": "client_id", "value": "", "description": "The Client ID returned when the application was registered." }, { "key": "grant_type", "value": "", "description": "The value MUST be either of \"authorization_code\", \"refresh_token\", or \"client_credentials\"." }, { "key": "code", "value": "", "description": "The authorization code returned by the authorization server in the first step of the authorization code flow." }, { "key": "redirect_uri", "value": "", "description": "This should be equal to the Redirect URI sent to /authorize endpoint in the first step of the authorization code flow." 
}, { "key": "client_secret", "value": "" }, { "key": "scope", "value": "", "description": "The scope of the requested access token in the client credentials flow. Scopes are case-sensitive and space-delimited." }, { "key": "refresh_token", "value": "", "description": "The refresh token, which can be used to obtain new access tokens." }, { "key": "code_verifier", "value": "", "description": "A code verifier, used to verify the code_challenge sent to /authorize endpoint in the first step of the authorization code flow." } ] }, "url": { "raw": "{{baseUrl}}/Token", "host": [ "{{baseUrl}}" ], "path": [ "Token" ] } }, "status": "Bad Request", "code": 400, "_postman_previewlanguage": "json", "header": [ { "key": "Content-Type", "value": "application/json" } ], "cookie": [], "body": "{\n \"type\": \"\",\n \"title\": \"\",\n \"status\": \"\",\n \"detail\": \"\",\n \"instance\": \"\",\n \"error\": \"\",\n \"error_description\": \"\",\n \"eiusmod_0c1\": {\n \"nullable\": true\n }\n}" }, { "name": "Error code = `invalid_client`. Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded" }, { "key": "Accept", "value": "application/json" }, { "description": "Added as a part of security scheme: basic", "key": "Authorization", "value": "Basic " } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "account_id", "value": "" }, { "key": "client_id", "value": "", "description": "The Client ID returned when the application was registered." }, { "key": "grant_type", "value": "", "description": "The value MUST be either of \"authorization_code\", \"refresh_token\", or \"client_credentials\"." }, { "key": "code", "value": "", "description": "The authorization code returned by the authorization server in the first step of the authorization code flow." 
}, { "key": "redirect_uri", "value": "", "description": "This should be equal to the Redirect URI sent to /authorize endpoint in the first step of the authorization code flow." }, { "key": "client_secret", "value": "" }, { "key": "scope", "value": "", "description": "The scope of the requested access token in the client credentials flow. Scopes are case-sensitive and space-delimited." }, { "key": "refresh_token", "value": "", "description": "The refresh token, which can be used to obtain new access tokens." }, { "key": "code_verifier", "value": "", "description": "A code verifier, used to verify the code_challenge sent to /authorize endpoint in the first step of the authorization code flow." } ] }, "url": { "raw": "{{baseUrl}}/Token", "host": [ "{{baseUrl}}" ], "path": [ "Token" ] } }, "status": "Unauthorized", "code": 401, "_postman_previewlanguage": "json", "header": [ { "key": "Content-Type", "value": "application/json" } ], "cookie": [], "body": "{\n \"type\": \"\",\n \"title\": \"\",\n \"status\": \"\",\n \"detail\": \"\",\n \"instance\": \"\",\n \"error\": \"\",\n \"error_description\": \"\",\n \"eiusmod_0c1\": {\n \"nullable\": true\n }\n}" } ] } ] } ], "auth": { "type": "basic", "basic": [ { "key": "username", "value": "{{basicAuthUsername}}", "type": "string" }, { "key": "password", "value": "{{basicAuthPassword}}", "type": "string" } ] }, "variable": [ { "key": "baseUrl", "value": "https://signin.laserfiche.com/oauth" } ] }