+ The process should also return the state provided.
+
+
+
Code
+
The code is generated by the Authentication server and send back
+ to the client via the resource's owner user-agent
+
For us, it is a JWT:
+
+
Which once decoded is:
+
+
Tokens
+
Now the client server need to retrieve an Access Token
+ and a Refresh Token by using that code.
+
To achieve that the client will make a call to /token
+ using a basic auth creds
+
You have about 10 mins to retrieve them.
+ Unlike in this demo, that MUST be done server side.
+
+ Get Access & Refresh Tokens from Code
+
+
Response from /token
+
token endpoint URL: Nothing yet.
+
Nothing yet.
+
decoded access-token
+
Nothing yet.
+
decoded refresh-token
+
Nothing yet.
+
Using the API
+
+ Make an API call with the access token
+
+
API URL: Nothing yet.
+
Nothing yet.
+
Getting new access token without user interaction
+
The access tokens are the only tokens which are able to talk to the
+ Visibility API.
+
Access tokens live a short time (about 10 min to 1 hour)
+
This is why the client must require a new access token using its
+ refresh token.
+ That is just making another call to /token
+ But with different parameters.
+ The process should also return the state provided.
+
+
+
Code
+
The code is generated by the Authentication server and send back
+ to the client via the resource's owner user-agent
+
For us, it is a JWT:
+
+
Which once decoded is:
+
+
Tokens
+
Now the client server need to retrieve an Access Token
+ and a Refresh Token by using that code.
+
To achieve that the client will make a call to /token
+ using a basic auth creds
+
You have about 10 mins to retrieve them.
+ Unlike in this demo, that MUST be done server side.
+
+ Get Access & Refresh Tokens from Code
+
+
Response from /token
+
token endpoint URL: Nothing yet.
+
Nothing yet.
+
decoded access-token
+
Nothing yet.
+
decoded refresh-token
+
Nothing yet.
+
Using the API
+
+ Make an API call with the access token
+
+
API URL: Nothing yet.
+
Nothing yet.
+
Getting new access token without user interaction
+
The access tokens are the only tokens which are able to talk to the
+ Visibility API.
+
Access tokens live a short time (about 10 min to 1 hour)
+
This is why the client must require a new access token using its
+ refresh token.
+ That is just making another call to /token
+ But with different parameters.