OAuth2 Authentication

Setup credentials following the instructions on Configuration. When you have obtained a client_id and a client_secret you can try out OAuth 2.0 resapi/1.0/common/oauth2 flow goes as follows to get authorized:

Note

OAuth endpoints:

1. GET {your_Odoo_server_url}/restapi/1.0/common/oauth2/authorize (Resource Owner Authorization endpoint)
2. POST {your_Odoo_server_url}/restapi/1.0/common/oauth2/access_token (Token Credentials Request endpoint)

1. Resource Owner Authorization

User authorization through redirection. First we will create an authorization url from the base URL given by the Odoo and the credentials previously obtained.

GET /restapi/1.0/common/oauth2/authorize

Request:

GET /restapi/1.0/common/oauth2/authorize HTTP/1.1
Host: {your_Odoo_server_url}
Authorization: OAuth client_id='uwCrAHAQbL7D9cvJLIztNaZ0bziEGMDh',
                     state='Y1Ux1iNPvn6KYQK5Lj84WJ9VJrQw1L',
                     redirect_uri='https%3A%2F%2F127.0.0.1%2Fcallback',
                     response_type='code'

Response:

HTTP/1.1 200 OK

{
  'code': 'dcee1806d2c50d0fb598',
  'state': 'Y1Ux1iNPvn6KYQK5Lj84WJ9VJrQw1L'
}

Query Parameters:  

• client_id – Odoo consumer key
• state – Specifies any additional URL-encoded state data to be returned in the callback URL after approval.
• redirect_uri – An absolute URL to which the Odoo will redirect the User back when the obtaining User Authorization step is completed.
• response_type – Must be code for this authentication flow.

Request Headers:  

• Accept – the response content type depends on Accept header
• Authorization – The OAuth protocol parameters to authenticate.

Response Headers:  

• Content-Type – this depends on Accept header of request

Status Codes:

• 200 OK – no error
• 404 Not Found – there’s no resource
• 401 Unauthorized – authentication failed

2. Token Credentials Request

Fetch an access token from the Odoo using the authorization code obtained during user authorization.

POST /restapi/1.0/common/oauth2/access_token

Request:

POST /restapi/1.0/common/oauth2/access_token HTTP/1.1
Host: {your_Odoo_server_url}
Authorization: OAuth client_id='uwCrAHAQbL7D9cvJLIztNaZ0bziEGMDh',
                     client_secret='FtHzOQVEs0aSEL9AXuIe9k7X6E2MekU7',
                     redirect_uri='https%3A%2F%2F127.0.0.1%2Fcallback',
                     code='dcee1806d2c50d0fb598'
                     grant_type='authorization_code'

Response:

HTTP/1.1 200 OK

{
  'access_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIn',
  'token_type': 'bearer',
  'access_token_validity': '7/20/2017 12:00:05',
  'refresh_token': 'ZXIiLCJnaXZlbl9uYW1lIjoiRnJhbmsifQ'
}

Query Parameters:  

• client_id – Odoo consumer key
• client_secret – Odoo consumer secret
• redirect_uri – An absolute URL to which the Odoo will redirect the User back when the obtaining User Authorization step is completed.
• code – Authorization code the consumer must use to obtain the access and refresh tokens.
• grant_type – Value must be authorization_code for this flow.

Request Headers:  

• Accept – the response content type depends on Accept header
• Authorization – The OAuth protocol parameters to authenticate.

Response Headers:  

• Content-Type – this depends on Accept header of request

Status Codes:

• 200 OK – no error
• 404 Not Found – there’s no resource
• 401 Unauthorized – authentication failed