It’s an authentication method that prevents having to ask the user for the password time and time again. This way, a user who’s logged in to your-website.com doesn’t have to log in again to another-website.com.
This is done by using cookies. As the main authentication mechanism is OAuth2, a way of exchanging the shared session (the session cookies) for an access_token is required.
This is achieved through a POST to the authorization endpoint, using the parameter grant_type=urn:com.druid:oauth2:grant_type:exchange_session and sending all the cookies from the user’s browser.
Once the access_token has been obtained, it’s no longer necessary to start the authorization process and the APIs can be accessed immediately.
|grant_type||The value must be set to urn:com.druid:oauth2:grant_type:exchange_session||string|
|client_id||Identifier of the client application.||string|
|client_secret||Secret of the client application.||string|
|oauth_token||The user token to be exchanged||string|