Scripting Guide > Extending JMP > OAuth 2.0 for Web APIs > Authorization Code Grant
Publication date: 07/08/2024

Authorization Code Grant

The Authorization Code grant usually sends refresh tokens. Refresh tokens are unique in that they act as a sort of pseudo, permanent access token. Although you won’t access sensitive information with them, a refresh token is all you need to get more access tokens. Treat it like you would your password.

The following code snippet creates an OAuth token using the Authorization Code grant. Notice this requires Request Auth(), Client Secret(), and Redirect URL(). Remember, after you make the token once, you can remove everything but the User and Client ID from OAuthTokens.jmp.

token = New OAuth2 Token(
	User( "Test User" ),
	Client ID( "12ab" ),
	Client Secret( "3456dEfG" ),
	Request Auth(
		Scope( "history" ),
		Auth URL( "https://example.com/services/oauth2/authorize" ),
	),
	Redirect URL( "https://www.getpostman.com/oauth2/callback" ) ,
	Token URL( "https://example.com/services/oauth2/token" )
);

Note: See your API documentation for more information about how to get values such as the client secret and token URL.

After you run this code once, clean it up and make it secure.

token = New OAuth2 Token(
	User( "Test User" ),
	Client ID( “12ab” ),
);

Existing Refresh Tokens

You might already be familiar with OAuth and have saved a refresh token to your script. The following snippet creates an OAuth token with that existing token.

token = New OAuth 2 Token (
	User( "yourgoogleaccount@gmail.com" ),
	Refresh Token( "1a2b3c4e5F" ),
	Token URL( "https://www.example.com/oauth2/token" ),
	Client ID( "12ab" ),
	Client Secret( "3456dEfG" )
);

After you run this code once, clean it up and make it secure.

token = New OAuth2 Token(
	User( "yourgoogleaccount@gmail.com" ),
	Client ID( "12ab" )
);
Want more information? Have questions? Get answers in the JMP User Community (community.jmp.com).