- Within the validity period (specified by expires_in) of the access token, do not frequently send requests. Otherwise, flow control may be triggered. The current threshold for triggering the app-level access token flow control is 1000 access tokens every 5 minutes. In 5 minutes, you can apply for another.
- In each authorization mode, if an access token is manually obtained, for example, by running the curl command or using Postman, remember to restore the escape character \/ to / in the JSON character string so that the obtained access token is correct. To obtain a correct access token during code execution, you can use any third-party library to parse the JSON string.
- For details about other error codes, please refer to Error Type.
OAuth 2.0-based Authentication
Content overview
Overview
As an open authorization protocol, OAuth 2.0 allows your app to access user-authorized resources without obtaining user names and passwords. For details about OAuth 2.0 specifications, please visit the OAuth 2.0 official website.
Client Credentials
This mode does not require authorization from any user. In this mode, your app can generate an access token to access Huawei public app-level APIs.
The process is as follows.
1. Your app calls the https://oauth-login.cloud.huawei.com/oauth2/v3/token API of the Account Kit server.
2. The Account Kit server returns the app-level access token.
Request message:
Send a POST request. Example:
POST /oauth2/v3/token HTTP/1.1 Host: oauth-login.cloud.huawei.com Content-Type: application/x-www-form-urlencoded grant_type=client_credentials&client_id=<Client ID>&client_secret=<Client secret>
Parameter | Mandatory (M)/Optional (O) | Description |
|---|---|---|
grant_type | M | Set this parameter to client_credentials, which indicates the Client Credentials mode. |
client_id | M | For an app created in AppGallery Connect, set this parameter to the client ID in OAuth 2.0 Client ID of the app. |
client_secret | M | For an app created in AppGallery Connect, set this parameter to the client secret in OAuth 2.0 Client ID of the app. |
Response message:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
{
"access_token": "<Returned access token>",
"expires_in": 3600,
"token_type": "Bearer"
} Parameter | Mandatory (M)/Optional (O) | Description |
|---|---|---|
access_token | M | App-level access token. |
expires_in | M | Remaining validity period of an access token, in seconds. |
token_type | M | This value is always Bearer, indicating the type of the returned access token. |
NOTE
By now, the user has signed in to your app with the HUAWEI ID, and your app can access Huawei public app-level APIs.
Search
Enter a keyword.