Role of OAuth in Fineract
Typical Scenario:
Step 1 – Service shows grant token and client credentials, defines scopes
Step 2 – Service gets access token
Step 3 – Service makes a call to the API
Step 4 – Service gets data
Step 5 – Observe token and refresh on demand
OAuth 2.0
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. An OAuth 2.0 server is a piece of software that implements the network protocol flows that allow a client (a piece of software) to act on behalf of a user.
Fineract security settings are supplied here. We can define the OAuth and Basic Auth realm settings.
The OAuth client data is not defined in the XML file; it is found here. To add more clients, we can simply use a query like this:
INSERT INTO `oauth_client_details` (`client_id`, `client_secret`, `scope`, `authorized_grant_types`) VALUES ('community-app', '123', 'all', 'password,refresh_token');
Services that communicate with Fineract may also follow a similar workflow.
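The five steps above from a service client's side, as an added sketch that is not Fineract's own code: it uses the two grant types registered for the client (password, then refresh_token) and refreshes shortly before expiry. The names TokenManager, fake_token_endpoint and demo, the token URL, the placeholder credentials and sending the client credentials as form fields are assumptions; the token endpoint is a constructed stand-in so the block runs offline.

```python
import time
from urllib.parse import parse_qsl, urlencode

class TokenManager:
    """Hypothetical helper: password grant once, refresh_token grant near expiry."""
    def __init__(self, post, token_url, client_id, client_secret,
                 skew=30, clock=time.time):
        self.post, self.token_url = post, token_url      # post(url, body) -> dict
        self.client = {"client_id": client_id, "client_secret": client_secret}
        self.skew, self.clock = skew, clock
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _grant(self, **params):
        resp = self.post(self.token_url, urlencode({**self.client, **params}))
        self.access = resp["access_token"]
        # Keep the old refresh token if the server does not rotate it.
        self.refresh = resp.get("refresh_token", self.refresh)
        self.expires_at = self.clock() + resp["expires_in"]

    def login(self, username, password):                 # steps 1-2
        self._grant(grant_type="password", username=username, password=password)

    def bearer(self):                                     # steps 3 and 5
        if self.access is None:
            raise RuntimeError("call login() first")
        if self.clock() >= self.expires_at - self.skew:   # refresh on demand
            self._grant(grant_type="refresh_token", refresh_token=self.refresh)
        return {"Authorization": "Bearer " + self.access}

def fake_token_endpoint():
    """Constructed stand-in for the token endpoint; records each grant type."""
    seen = []
    def post(url, body):
        seen.append(dict(parse_qsl(body))["grant_type"])
        n = len(seen)
        return {"access_token": f"access-{n}", "refresh_token": f"refresh-{n}",
                "expires_in": 300}
    return post, seen

def demo():
    post, seen = fake_token_endpoint()
    now = [1000.0]                                        # controllable clock
    tm = TokenManager(post, "https://fineract.example/token",  # placeholder URL
                      "community-app", "<client-secret>", clock=lambda: now[0])
    tm.login("<user>", "<password>")
    first = tm.bearer()                                   # token still fresh
    now[0] += 280                                         # inside the skew window
    second = tm.bearer()                                  # triggers a refresh
    return seen, first, second

if __name__ == "__main__":
    print(demo())
```

In a real service the injected post callable would wrap an HTTPS client, and the client secret would come from a secret store rather than source code.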