The diagram below details the typical sequence of requests made for the Authorization Code flow for PSD2 APIs:
STEP 3: Start the auth code flow:
https://{oauth_host}/authorize?client_id={client_id}&response_type=code&scope={scopes}&redirect_uri={redirect_uri}&state={state}
STEP 5: User authenticates and gives consent
STEP 6: Redirection to your app with auth code and state
The user is redirected to the callback URL provided at onboarding time.
STEP 8 and STEP 9: Check the state and extract the auth code from the URL
STEP 10: Request a token with the auth code received:
Your request:
curl --location --request POST 'https://{oauth_host}/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Authorization: Basic {base64(client_id:client_secret)}' \
  --data-urlencode 'grant_type=authorization_code' \
  --data-urlencode 'code={code}' \
  --data-urlencode 'scope={scopes}' \
  --data-urlencode 'redirect_uri={redirect_uri}'
STEP 11: Response
{
  "refresh_token_expires_in" : "7775999",
  "refresh_token_status" : "approved",
  "api_product_list" : "[oauth, product]",
  "api_product_list_json" : [ "oauth", "product" ],
  "organization_name" : "bnpcib",
  "developer.email" : "john.doe@example.com",
  "token_type" : "BearerToken",
  "issued_at" : "1580999256158",
  "client_id" : "{client_id}",
  "access_token" : "{access_token}",
  "refresh_token" : "{refresh_token}",
  "application_name" : "xyz",
  "scope" : "",
  "refresh_token_issued_at" : "1580999256158",
  "expires_in" : "1799",
  "refresh_count" : "0",
  "status" : "approved"
}
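
The client side of STEP 3, STEP 8/9 and STEP 10, as an added example that is not part of the original documentation: it generates the state, rejects a callback whose state does not match, and only then builds the token request. The host, client credentials, redirect URI and scope are constructed sample values, and the function names are hypothetical.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values (assumptions, not taken from the API documentation).
OAUTH_HOST = "oauth.example.test"
CLIENT_ID = "demo-client"
CLIENT_SECRET = "demo-secret"
REDIRECT_URI = "https://app.example.test/callback"
SCOPES = "demo-scope"


def new_state():
    """STEP 3: unguessable per-request value; keep it in the user's session."""
    return secrets.token_urlsafe(32)


def authorize_url(state):
    query = urlencode({"client_id": CLIENT_ID, "response_type": "code",
                       "scope": SCOPES, "redirect_uri": REDIRECT_URI,
                       "state": state})
    return f"https://{OAUTH_HOST}/authorize?{query}"


def extract_code(callback_url, expected_state):
    """STEP 8 and 9: return the code only if the state matches the saved one."""
    params = parse_qs(urlsplit(callback_url).query)
    states, codes = params.get("state", []), params.get("code", [])
    # Exactly one value each: repeated parameters are ambiguous, so refuse them.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("callback must carry exactly one state and one code")
    # Constant-time comparison on bytes, so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the code")
    return codes[0]


def token_request(code):
    """STEP 10: headers and form body for POST https://{oauth_host}/token."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": f"Basic {basic}"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "scope": SCOPES, "redirect_uri": REDIRECT_URI})
    return headers, body
```

The saved state should be removed from the session as soon as it has been checked, so that a replayed callback fails the comparison.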