Merge pull request authlib#75 from azmeuk/readme

lepture · web-flow · commit f1aade048fb4 · 2020-08-30T14:08:02.000+09:00
Authorization code example
diff --git a/README.md b/README.md
@@ -45,6 +45,8 @@ Before testing, we need to create a client:
 
 ![create a client](https://user-images.githubusercontent.com/290496/38811988-081814d4-41c6-11e8-88e1-cb6c25a6f82e.png)
 
+### Password flow example
+
 Get your `client_id` and `client_secret` for testing. In this example, we
 have enabled `password` grant types, let's try:
 
@@ -58,6 +60,27 @@ Because this is an example, every user's password is `valid`. Now you can access
 $ curl -H "Authorization: Bearer ${access_token}" http://127.0.0.1:5000/api/me
 ```
 
+### Authorization code flow example
+
+To test the authorization code flow, you can just open this URL in your browser.
+```bash
+$ open http://127.0.0.1:5000/oauth/authorize?response_type=code&client_id=${client_id}&scope=profile
+```
+
+After granting the authorization, you should be redirected to `${redirect_uri}/?code=${code}`
+
+Then your app can send the code to the authorization server to get an access token:
+
+```bash
+$ curl -u ${client_id}:${client_secret} -XPOST http://127.0.0.1:5000/oauth/token -F grant_type=authorization_code -F scope=profile -F code=${code}
+```
+
+Now you can access `/api/me`:
+
+```bash
+$ curl -H "Authorization: Bearer ${access_token}" http://127.0.0.1:5000/api/me
+```
+
 For now, you can read the source in example or follow the long boring tutorial below.
 
 **IMPORTANT**: To test implicit grant, you need to `token_endpoint_auth_method` to `none`.
