OAuth Documentation
1. Authentication interface
request
GET https://gitcode.com/oauth/authorize?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code&scope={scope}&state={state}
| Parameter name | Description | Type | Data type |
|---|---|---|---|
| client_id* | Registered client ID | query | string |
| redirect_uri* | URL after authorization | query | string |
| scope | permission scope | query | string |
| state | Random string, used to prevent cross-site request forgery attacks | query | string |
2. Redirect
If the user accepts your authorization, GitCode will redirect back to your website, carrying the code parameter and the state you provided in the parameter in the previous step. If the status does not match, a third party created the request and the process needs to be aborted.
GET {redirect_uri}?code={code}&state={state}
3. Obtain authorization token
POST https://gitcode.com/oauth/token?grant_type=authorization_code&code={code}&client_id={client_id}&client_secret={client_secret}
| Parameter name | Description | Type | Data type |
|---|---|---|---|
| grant_type | Authorization code mode | query | authorization_code |
| code* | authorization code | query | string |
| client_id* | Registered client ID | query | string |
| client_secret* | Registered client secret | form-data | string |
response
{
"access_token": "eyPZPVNfsibj9tap_ibj3t3p",
"expires_in": 1296000,
"refresh_token": "b77ced3aee884348852160deab3697a1",
"scope": "all_user all_key all_groups all_projects all_pr all_issue all_note all_hook all_repository",
"created_at": "2024-04-20T09:07:59.889Z"
}
4. Use access token to access user information API
Authorization: Bearer {access_token}
GET https://api.gitcode.com/api/v5/user
5. Refresh access_token
POST https://gitcode.com/oauth/token?grant_type=refresh_token&refresh_token={refresh_token}
4. 使用访问令牌访问用户信息API
Authorization: Bearer {access_token}
GET https://api.gitcode.com/api/v5/user
5. 刷新access_token
POST https://gitcode.com/oauth/token?grant_type=refresh_token&refresh_token={refresh_token}