From 93338b438e02adc3986618d08e1d050a7d1b97dc Mon Sep 17 00:00:00 2001 From: "Yann Esposito (Yogsototh)" Date: Tue, 20 Feb 2018 14:03:40 +0100 Subject: [PATCH] hide interactive part on error --- login.html | 89 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 46 insertions(+), 43 deletions(-) diff --git a/login.html b/login.html index 0eebe0a..715699c 100644 --- a/login.html +++ b/login.html @@ -17,50 +17,52 @@

State

The process should also return the state provided. 

-        
Code

-        
The code is generated by the Authentication server and send back
-            to the client via the resource's owner user-agent

-        
For us, it is a JWT:

-        

-        
Which once decoded is:

-        

-        
Tokens

-        
 Now the client server need to retrieve an Access Token
-            and a Refresh Token by using that code.

-        
To achieve that the client will make a call to /token
-            using a basic auth creds

-        
You have about 10 mins to retrieve them.
-            Unlike in this demo, that MUST be done server side.

-        

-            Get Access & Refresh Tokens from Code
+        

+            
Code

+            
The code is generated by the Authentication server and send back
+                to the client via the resource's owner user-agent

+            
For us, it is a JWT:

+            

+            
Which once decoded is:

+            

+            
Tokens

+            
 Now the client server need to retrieve an Access Token
+                and a Refresh Token by using that code.

+            
To achieve that the client will make a call to /token
+                using a basic auth creds

+            
You have about 10 mins to retrieve them.
+                Unlike in this demo, that MUST be done server side.

+            

+                Get Access & Refresh Tokens from Code
+            

+            
Response from /token

+            
Nothing yet.

+            
decoded access-token

+            
Nothing yet.

+            
decoded refresh-token

+            
Nothing yet.

+            
Using the API

+            

+                Make an API call with the access token
+            

+            
Nothing yet.

+            
Getting new access token without user interaction

+            
 The access tokens are the only tokens which are able to talk to the
+                Visibility API.

+            
Access tokens live a short time (about 10 min to 1 hour)

+            
This is why the client must require a new access token using its
+                refresh token.
+                That is just making another call to /token
+                But with different parameters. 

+            

+                Get Access Tokens from Refresh Token
+            

+            
Nothing yet.

+            
Nothing yet.

         

-        
Response from /token

-        
Nothing yet.

-        
decoded access-token

-        
Nothing yet.

-        
decoded refresh-token

-        
Nothing yet.

-        
Using the API

-        

-            Make an API call with the access token
-        

-        
Nothing yet.

-        
Getting new access token without user interaction

-        
 The access tokens are the only tokens which are able to talk to the
-        Visibility API.

-        
Access tokens live a short time (about 10 min to 1 hour)

-        
This is why the client must require a new access token using its
-            refresh token.
-            That is just making another call to /token
-            But with different parameters.
-        

-            Get Access Tokens from Refresh Token
-        

-        
Nothing yet.

-        
Nothing yet.