OAuth 2.0 Handshake
To simplify initial testing of the OAuth 2.0 handshake, we prepared helper APIs for you that handle the full cycle of user authentication and issuing the OAuth 2.0 access token with the appropriate scope.
Configuring OAuth 2.0 Credentials
First, you need to configure the standard OAuth 2.0 application (client) credentials: OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET and OAUTH_REDIRECT_URL.
- In the upper left corner, click the arrow next to the "No Environment" link and select "Manage Environment".
- Edit the defaults so that they contain the correct OAuth 2.0 parameters of the application you created earlier: OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET and OAUTH_REDIRECT_URI.
Obtaining Access Token After User Authentication
After you have configured the OAuth 2.0 client credentials, you can proceed with user authentication and obtain the OAuth 2.0 access token, which can later be used to fetch various protected resources.
- First, you need to select one of the two helper resources we prepared. For Account Information Service, select /oauth/authorize - AISP. For Payment Initiation Service, select /oauth/authorize - PISP. Then, select the "OAuth 2" tab in the main pane.
- Scroll the middle pane down so that you can see the "Fetch Tokens" button. Click this button to initiate the OAuth 2.0 dance.
- An authentication window will pop up in the context of Insomnia. A user with an account at CNB must complete the authentication steps before a token can be issued.
- Wait until Insomnia fetches the OAuth 2.0 access token.
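What the "Fetch Tokens" button does behind the scenes, sketched as an added example (not code from this documentation or from Insomnia), assuming the authorization code grant. The host name, the scope value and all function names are placeholders; only the /oauth/authorize path comes from this page.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder host (assumption): substitute the real API base URL.
AUTHORIZE_URL = "https://api.example.test/oauth/authorize"

def build_authorize_url(client_id, redirect_uri, scope, state=None):
    """Return (url, state) for the authorization request shown in the pop-up."""
    state = state or secrets.token_urlsafe(32)  # unguessable, bound to this attempt
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def parse_callback(callback_url, redirect_uri, expected_state):
    """Validate the redirect back to the client and return the authorization code."""
    parts = urlsplit(callback_url)
    # The callback must land exactly on the configured redirect URI.
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != redirect_uri:
        raise ValueError("callback does not match redirect URI")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    # Constant-time state comparison; rejects responses from another session.
    got = params.get("state", "").encode()
    if not secrets.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:  # e.g. the user cancelled the authentication
        raise ValueError(f"authorization failed: {params['error']}")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"]

def token_request_body(code, client_id, client_secret, redirect_uri):
    """Form fields sent to the token endpoint to exchange the code for a token."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the value used above
        "client_id": client_id,
        "client_secret": client_secret,
    }
```

The access token returned for the request built by token_request_body is the value that ends up in OAUTH_ACCESS_TOKEN.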
Configure OAuth 2.0 Access Token
After you obtain the access token, you can finally finish the OAuth 2.0 configuration by setting the OAUTH_ACCESS_TOKEN property in your environment. If you installed the insomnia-plugin-accesstoken earlier, you do not need to do anything: the value of the token is automatically inserted into the environment variable.
Otherwise, you can always override the access token value manually by following these steps:
- In the upper left corner, click the arrow next to the "No Environment" link and select "Manage Environment".
- Edit the defaults so that they contain the correct OAuth 2.0 access token: OAUTH_ACCESS_TOKEN.