Important

You are browsing the documentation for version 4.1 of OroCommerce, OroCRM and OroPlatform, which is no longer maintained. Security Support ends in January 2023. Read version 5.0 (the latest LTS version) of the Oro documentation to get the updated information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

OAuth Authentication

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.

It is implemented by the OroOAuth2ServerBundle that supports OAuth 2.0 Client Credentials Grant, OAuth 2.0 Client Credentials Grant and OAuth 2.0 Password Grant.

For more details, see Manage OAuth Applications and Manage Storefront OAuth Applications.

Generate Tokens

Note

In order to use OAuth authentication, private and public keys should be generated and placed to the server. Please contact your administrator or please follow the OroOAuth2ServerBundle documentation if you see the following error message:

The encryption key does not exist.

Note

If the system has the customer portal package installed, OAuth authorization for customer users to the storefront API resources is enabled automatically.

Business Tip

Want to take advantage of the new digital commerce trend? Check out everything you need to know about a B2B wholesale marketplace.