App representing the third-party appSource:
The webfakes package comes with two fake apps that allow to imitate the
OAuth2.0 flow in your test cases. (See Aaron Parecki’s tutorial for a good
introduction to OAuth2.0.) One app (
oauth2_resource_app()) is the API
server that serves both as the resource and provides authorization.
oauth2_third_party_app() plays the role of the third-party app. They
are useful when testing or demonstrating code handling OAuth2.0
authorization, token caching, etc. in a package. The apps can be used in
your tests directly, or you could adapt one or both of them to better
mimic a particular OAuth2.0 flow.
POST /login/configUse this endpoint to configure the client ID and the client secret of the app, received from
oauth2_resource_app()(or another resource app). You need to send in a JSON or URL encoded body:
auth_url, the authorization URL of the resource app.
token_url, the token URL of the resource app.
client_id, the client ID, received from the resource app.
client_secretthe client secret, received from the resource app.
GET /loginUse this endpoint to start the login process. It will redirect to the resource app for authorization and after the OAuth2.0 dance to
POST /login/redirectThis is the redirect URI of the third party app. (Some HTTP clients redirect a
GET, others don't, so it has both.) This endpoint is used by the resource app, and it received the
codethat can be exchanged to an access token and the
statewhich was generated in
/login. It contacts the resource app to get an access token, and then stores the token in its
app$localslocal variables. It fails with HTTP code 500 if it cannot obtain an access token. On success it returns a JSON dictionary with
refresh_token(optionally) by default. This behavior can be changed by redefining the
GET /localsreturns the tokens that were obtained from the resource app.
GET /datais an endpoint that uses the obtained token(s) to connect to the
/dataendpoint of the resource app. The
/dataendpoint of the resource app needs authorization. It responds with the response of the resource app. It tries to refresh the access token of the app if needed.
For more details see
vignette("oauth", package = "webfakes").