Published Jun. 30, 2025

A simple example and key factors to check when testing custom OAuth 2.0 applications

Author

Daniel Carrillo Broeder

Issue

  • You have created an OAuth 2.0 application and would like to set up the minimum configuration to be able to test it.
  • This article provides a simple example that could be adapted to your needs.

Environment

  • Liferay DXP 7.3, 7.4, Quarterly Releases
  • OAuth 2 Custom App
    • 'Client Secret Basic Or Post' authentication method.
    • 'Client Credentials' enabled.
  • Web browser console to perform the test (for example, Chrome).

Resolution

Setting up the environment

Before we dive in and do the test, let's go over a few things first.

  1. OAuth2 Scopes
    • First of all, you need to enable the correct OAuth2 scope for the application, or you will get a 403 Forbidden error.
    • In this example, the scope to enable is Liferay.Headless.Delivery.everything.read.
  2. User Permissions
    • You can skip this check if the user you set up has administration rights.
    • If not, the user must have the right to create tokens for your custom application.
      • You may need to create a custom role and assign it to the user. Then, go to OAuth 2 Administration → Custom App (3 dots menu) → Permission and add the "Create Token" permission to the role.
    • Also, the user must have rights to retrieve the content.
      • For example, if you are obtaining journal articles from a site, the user needs permissions to access and view those articles.
  3. Service Access Policies
    • For this example, you should not need to add/modify any Service Access Policy.
    • If you do get an "Access denied to packagename.classname#methodname" error, you can follow "Oauth 2 - Creating a Scope for a JSONWS Service" to create a custom Service Access Policy. That policy adds a new OAuth2 scope, which must then be enabled for the custom application.

Running the test

The test retrieves the names of the documents in the root folder of a given site (the getSiteDocumentsPage operation described in /o/headless-delivery/v1.0/openapi.json). It obtains an OAuth2 token first and then uses it to invoke the web service.

  1. Prepare the content and the script:
    1. Create some documents in the root folder of any site identified by a site-id (groupId).
    2. Edit the attached JavaScript file oauth2app_simpletest.js and check/modify the following variables:
      • accessConfig = {"client_id":"<client-id>", "client_secret":"<client-secret>", "grant_type": "client_credentials"};
      • siteId="<site-id>";
  2. Run the test
    1. In the web browser, go to the home page of your Liferay site (you do not need to be logged in).
    2. Open Dev Tools (usually pressing F12) → Console.
    3. Copy the code of the script and run it.
    4. The list of files will be displayed in the console.
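
The attached oauth2app_simpletest.js is not reproduced on this page. The following is an added sketch of the same two-step flow (token request, then getSiteDocumentsPage), not the attachment or Liferay's own code. The token path `/o/oauth2/token`, the documents path, the `items`/`title` response fields and all function names are assumptions; `accessConfig` and `siteId` are the variables described above.

```javascript
// Added example; endpoint paths and response fields are assumptions, not taken from the article.
const TOKEN_PATH = "/o/oauth2/token";
const REQUIRED_SCOPE = "Liferay.Headless.Delivery.everything.read";

// Build the client_credentials token request. Credentials go in the POST body
// ("Client Secret Basic Or Post"), never in the URL, where they would be logged.
function buildTokenRequest(accessConfig) {
  for (const key of ["client_id", "client_secret", "grant_type"]) {
    if (!accessConfig[key] || /^<.*>$/.test(accessConfig[key])) {
      throw new Error(`accessConfig.${key} is not set`);
    }
  }
  return {
    url: TOKEN_PATH,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams(accessConfig).toString(),
    },
  };
}

// Build the getSiteDocumentsPage request, authenticated with the bearer token.
function buildDocumentsRequest(siteId, accessToken) {
  return {
    url: `/o/headless-delivery/v1.0/sites/${encodeURIComponent(siteId)}/documents`,
    options: { headers: { Authorization: `Bearer ${accessToken}`, Accept: "application/json" } },
  };
}

// Turn a failed response into a hint that points at the checks listed above.
function explainFailure(step, status) {
  if (step === "documents" && status === 403) {
    return `403 Forbidden: enable the ${REQUIRED_SCOPE} scope on the application`;
  }
  return `${step} request failed with HTTP ${status}: check the client credentials and user permissions`;
}

// Obtain a token, then list document titles; fetchImpl allows a stub in tests.
async function listRootDocuments(accessConfig, siteId, fetchImpl = fetch) {
  const tokenReq = buildTokenRequest(accessConfig);
  const tokenRes = await fetchImpl(tokenReq.url, tokenReq.options);
  if (!tokenRes.ok) throw new Error(explainFailure("token", tokenRes.status));
  const { access_token } = await tokenRes.json();
  const docReq = buildDocumentsRequest(siteId, access_token);
  const docRes = await fetchImpl(docReq.url, docReq.options);
  if (!docRes.ok) throw new Error(explainFailure("documents", docRes.status));
  return (await docRes.json()).items.map((doc) => doc.title);
}
```

In the browser console, after pasting the functions, run `listRootDocuments(accessConfig, siteId).then(console.log)` with your own values.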
