Grant Methods

SoapUI supports all of the OAuth 2.0 grant types. Below you can find additional information on their properties. For more information on configuring OAuth2 authorization, see OAuth2 Tutorial.

Implicit Grant

The Implicit Grant flow is used when the user-agent will access the protected resource directly, such as in a rich web application or a mobile app.

Implicit Grant

Option Description
OAuth 2 Flow The OAuth 2 method.
Client Identification The string identifying the client.
Authorization URI The authorization server URI.
Redirect URI The URI you will be redirected to after successful authorization.
Scope The full scope string defining the requested permissions.
Get Access Token Click this button to retrieve the access token.
Automation Click this button to open the Automated Token Profile Editor.

Authorization Code Grant

The Authorization Code flow is used when the client is a third-party server or web application, which performs the access to the protected resource.

Authorization Code Grant

Option Description
OAuth 2 Flow The OAuth 2 method.
Client Identification The string identifying the client. This us not user login.
Client Secret The secret string for the client. This us not user password.
Authorization URI The authorization server URI.
Access Token URI The URI to get access token from.
Redirect URI The URI you will be redirected to after successful authorization.
Scope The full scope string defining the requested permissions.
Get Access Token Click this button to retrieve the access token.
Automation Click this button to open the Automated Token Profile Editor.

Resource Owner Password Credentials Grant

The password/Resource Owner Password Credentials grant takes the uses the resource owner password to obtain the access token. Optionally, a refresh token is also sent. The password is then discarded.

Authorization Code Grant

Option Description
OAuth 2 Flow The OAuth 2 method.
Resource Owner Name Resource owner identification.
Resource Owner Password Password used by the resource owner.
Client Identification The string identifying the client. This us not user login.
Client Secret The secret string for the client. This us not user password.
Access Token URI The URI to get access token from.
Scope The full scope string defining the requested permissions.
Get Access Token Click this button to retrieve the access token.
Automation Click this button to open the Automated Token Profile Editor.

Client Credentials Grant

The Client Credentials grant type is used when the client is requesting access to protected resources under its control.

Authorization Code Grant

Option Description
OAuth 2 Flow The OAuth 2 method.
Client Identification The string identifying the client. This us not user login.
Client Secret The secret string for the client. This us not user password.
Access Token URI The URI to get access token from.
Scope The full scope string defining the requested permissions.
Get Access Token Click this button to retrieve the access token.
Automation Click this button to open the Automated Token Profile Editor.