Alternatively, you can try the Authorization Code grant type in the browser without having to use any web app. I wrote a blog post on how to do it [1]
You can test the authorization grant with a combination of a browser redirect and a curl command. The step by step guide with screenshots to achieving this is explained in the blog post.
Let me explain the summary of steps here,
- Log in to Identity Server (5.1.0 or higher)
- Create a Service Provider and enable Inbound OAuth Authentication
- Provide the callback URL as "https://localhost/callback"
- Open a private window in a browser and type in the below URL. Replace {client_id} with the client_id of the OAuth client_id of the Service Provider
https://localhost:9443/oauth2/authorize?response_type=code&client_id={client_id}&redirect_uri=https://localhost/callback&scope=read
Next, you will be prompted to login and thereafter to approve for consent.
You will be redirected with the authorization code as "code"
query param in the URL
Use a CURL request to the token endpoint to get a valid access token
curl -k -v --user {client_id}:{client_secret} -d "grant_type=authorization_code&code={authorization_code}&redirect_uri=https://localhost/callback" https://localhost:9443/oauth2/token
(replace {client_id},{client_secret} and {authorization_code} with correct values)
You can refer [1] for screenshots.
[1] http://blog.farazath.com/2016/05/trying-out-oauth2-authorization-code.html