To illustrate the responses we get from the OAuth 2.0 protocol a little bit, let's take a look at the following request made on the command line:
curl -XGET http://zf2-api/api/wall/tbhot3ww
If we try to get the wall of a user without specifying the OAuth 2.0 access token, as we did in the preceding curl request, we will receive the following response:
{"errorCode":401,"errorMsg":"Unauthorized"}
Now let's try to follow the OAuth 2.0 flow in order to make a successful request. The first thing we need to do is log in to the system and get a
curl -XPOST http://zf2-api/api/users/login --data-urlencode "username=tbhot3ww" --data-urlencode "password=111111" --data-urlencode "grant_type=client_credentials" --data-urlencode "client_id=zf2-client" --data-urlencode "client_secret=mysupersecretpass"
As you can see, we are sending the username, password, grant_type, client_id, and client_secret parameters in the curl request. In our PHP code, the ApiClient object is taking...