Grant Methods
SoapUI supports all of the OAuth 2.0 grant types. Below you can find additional information on their properties. For more information on configuring OAuth2 authorization, see OAuth2 Tutorial.
Implicit Grant
The Implicit Grant flow is used when the user-agent will access the protected resource directly, such as in a rich web application or a mobile app.
| Option | Description |
|---|---|
| OAuth 2 Flow | The OAuth 2 method. |
| Client Identification | The string identifying the client. |
| Authorization URI | The authorization server URI. |
| Redirect URI | The URI you will be redirected to after successful authorization. |
| Scope | The full scope string defining the requested permissions. |
| Get Access Token | Click this button to retrieve the access token. |
| Automation | Click this button to open the Automated Token Profile Editor. |
Authorization Code Grant
The Authorization Code flow is used when the client is a third-party server or web application, which performs the access to the protected resource.
| Option | Description |
|---|---|
| OAuth 2 Flow | The OAuth 2 method. |
| Client Identification | The string identifying the client. This us not user login. |
| Client Secret | The secret string for the client. This us not user password. |
| Authorization URI | The authorization server URI. |
| Access Token URI | The URI to get access token from. |
| Redirect URI | The URI you will be redirected to after successful authorization. |
| Scope | The full scope string defining the requested permissions. |
| Get Access Token | Click this button to retrieve the access token. |
| Automation | Click this button to open the Automated Token Profile Editor. |
Resource Owner Password Credentials Grant
The password/Resource Owner Password Credentials grant takes the uses the resource owner password to obtain the access token. Optionally, a refresh token is also sent. The password is then discarded.
| Option | Description |
|---|---|
| OAuth 2 Flow | The OAuth 2 method. |
| Resource Owner Name | Resource owner identification. |
| Resource Owner Password | Password used by the resource owner. |
| Client Identification | The string identifying the client. This us not user login. |
| Client Secret | The secret string for the client. This us not user password. |
| Access Token URI | The URI to get access token from. |
| Scope | The full scope string defining the requested permissions. |
| Get Access Token | Click this button to retrieve the access token. |
| Automation | Click this button to open the Automated Token Profile Editor. |
Client Credentials Grant
The Client Credentials grant type is used when the client is requesting access to protected resources under its control.
| Option | Description |
|---|---|
| OAuth 2 Flow | The OAuth 2 method. |
| Client Identification | The string identifying the client. This us not user login. |
| Client Secret | The secret string for the client. This us not user password. |
| Access Token URI | The URI to get access token from. |
| Scope | The full scope string defining the requested permissions. |
| Get Access Token | Click this button to retrieve the access token. |
| Automation | Click this button to open the Automated Token Profile Editor. |