This section will guide you through the authentication flow of OrangeHRM Starter and provide instructions on obtaining an access token.
OAuth 2.0
OrangeHRM Starter 5.x utilizes the standard Authorization Code with PKCE flow in order to authorize external API requests.

This flow is supported by OrangeHRM Starter 5.4 and above.
Terminology
You will now be introduced to some of the main terminology that will be used to describe the above flow:
Term | Meaning |
---|---|
Client | The third party application you will be integrating with the OrangeHRM Starter REST API |
Authorization Server | The OrangeHRM Starter Web Application |
Authorization Code | A code which will be provided by the client in order to obtain the access token |
Access Token | The token which will enable the client to make API requests |
PKCE 🧚
PKCE stands for Proof Key for Code Exchange. It protects the authorization code flow from authorization code interception attacks. The flow is mainly facilitated by generating a code verifier and a code challenge.
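How the code verifier and code challenge fit together, as an added example (not OrangeHRM's own code). It assumes the S256 method from RFC 7636; the function names are hypothetical, and `server_accepts` only models the check an authorization server makes when the authorization code is exchanged.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Client: one-time secret, kept locally and never put in the redirect."""
    return b64url(secrets.token_bytes(32))  # 32 random bytes -> 43 characters


def code_challenge_s256(verifier: str) -> str:
    """Client: hash of the verifier, sent with the authorization request."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization server: check made when the code is exchanged for a token."""
    if not VERIFIER_RE.fullmatch(presented_verifier):
        return False  # malformed or too short to carry enough entropy
    expected = code_challenge_s256(presented_verifier)
    return hmac.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    verifier = new_code_verifier()
    challenge = code_challenge_s256(verifier)  # bound to the authorization code
    # The legitimate client redeems the code together with its verifier.
    print("client with verifier:", server_accepts(challenge, verifier))
    # A party that only intercepted the code has to guess the verifier.
    print("code without verifier:", server_accepts(challenge, new_code_verifier()))
```

Because only the challenge travels with the authorization request, an intercepted authorization code cannot be redeemed without the verifier held by the client that started the flow.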
Check out these references!
Libraries
Here are some libraries we recommend for implementing an OAuth client.
For more libraries, check out this list on oauth.net.
Prerequisites
Some prerequisites need to be configured before obtaining an access token.