Improved OAuth 2.0 Authorization Code Grant Flow

The OAuth 2.0 authorization code grant flow in the API Portal has been improved to make it more comprehensive and user-friendly. This includes introducing cancellable actions, access token visibility and updates to the UI for selecting scopes or resetting the token.

Previously, the API Portal supported only a basic form of the OAuth 2.0 authorization code grant flow. Once the user clicked the Get Token button, the operation could not be cancelled, and the user remained stuck until the consent credentials were provided. Furthermore, the access token obtained was not visible to the user.

Now, once the user clicks on the Get Token button in the API Portal, a new tab will open to complete the OAuth consent step, with an option to cancel the operation.

After successfully completing the consent flow, the user is notified and redirected back to the API Portal, and the OAuth access token is set in the config for use with the API calls. The user is also able to see the authorization token details (including access token, refresh token and token type) along with the expiry timer of the token. At any point, the user can request to reset the token using the Reset Token button.

Moreover, the UI for selecting and removing scopes has been revamped to make selection easier.

Auth Code Grant Flow