OAuth codes page

Key point: Use this page to review and test OAuth 2.0 authorization codes.

Reviewing authorization codes

OAuth authorization codes are issued as part of the OAuth 2.0 authorization code flow, to let a user grant access to a third party app (the client). They are short-lived, single-use codes.

This page lets you review the authorization codes that have been issued recently so that you can test the authorization code flow with a new client or review any suspicious activity. It includes:

unused authorization codes.
recently expired authorization codes.

When reviewing the codes, pay particular attention to the client ID, member ID, redirect URI, and any unusual long lifetime.

The authorization codes page shows the current server time and date on the top right.

Purging codes

Click the Purge button to remove from memory all the codes which have already expired. This has no effect on the user since the code has already expired but frees some memory and removes these codes from the table.

Creating new authorization codes

Creating authorization codes manually bypasses the OAuth 2.0 protocol and is inherently unsafe. For security reasons, this functionality might be conditionally removed in future versions of PageSeeder.

Click the Issue new authorization code... button to open the Issue authorization code dialog.

In the Client field, choose a client from the drop-down.
In the Member field, start typing then click a member to assign from the drop-down.
In the Scope field, enter the OAuth 2.0 scope to be granted to the token.

To finalize creating the authorization code, click the Issue button.

How to find this page

Administration menu > System administration > OAuth > Authorization codes