Last November, we launched the OAuth 2.0 Playground, a tool enabling you to easily experiment with the OAuth 2.0 protocol and APIs that use the protocol.
The OAuth 2.0 Playground |
Since then, we've continued adding new features to improve the developer experience and increase the versatility of the tool.
Below is a list of features that we added since the initial release of the OAuth 2.0 playground.
Support for the OAuth 2.0 Client-side flow
You can now use the playground to experiment with the OAuth 2.0 Client-side flow by simply changing a setting in the OAuth 2.0 configuration dialog. Once set, every subsequent authorization request is performed using the client-side flow, and the playground’s interface and logic adapt accordingly.
Setting the OAuth flow type |
Support for newer OAuth 2.0 drafts
We have added a setting to change the location of the access token in authorized requests to the APIs. We added support for the authorization header with a
Bearer
prefix and the access_token
URL parameter locations. This makes the playground compatible with most APIs supporting OAuth 2.0 drafts 10 to 25.Setting the access token location |
Display available API operations
You can now easily display all the operations that are available using your current access token. After clicking the Find available Request URIs button, the operations along with their associated HTTP Methods and URIs are displayed on the right-hand side. This should help you quickly set up your request to the Google APIs without needing to search through the online documentation.
Displaying the available endpoints after being authorized for the Google+ API |
Note: the technique used to find the list of operations available given an access token is described in this blog post.
Support for the
access_type
and the approval_prompt
parametersThe playground now also lets you try the new Google-specific settings of the OAuth 2.0 flow: the
access_type
and the approval_prompt
parameters of the authorization request.Setting the access type and whether or not to force the approval prompt |
Automatically refresh access tokens
If a refresh token is available, you can enable a feature that will automatically refresh the access token shortly before it expires. This is convenient if you are using the playground for a long time or if you are re-initializing the playground using the deep-link feature.
Enabling the access token auto-refresh feature |
Selectable links in responses
Clicking any links in an HTTP response will populate the request URI field so that you can quickly and conveniently set up the playground for the next operation.
Clicking a link populates the Request URI field |
If you have any feedback or would like to get in touch with us, please don’t hesitate to post on the OAuth 2.0 Playground forum.
Nicolas Garnier joined Google Developer Relations in 2008 and lives in Zurich. He is a Developer Advocate focusing on Google Apps and Web APIs. Before joining Google, Nicolas worked at Airbus and at the French Space Agency where he built web applications for scientific researchers.
Posted by Scott Knaster, Editor
No comments:
Post a Comment