Authentication

Jonas Enlund edited this page Aug 4, 2017 · 3 revisions

The Akvo Flow API uses OpenID connect for authentication.

curl -s \
     -d "client_id=curl" \
     -d "username=<your email>" \
     -d "password=<your password>" \
     -d "grant_type=password" \
     -d "scope=openid" \
     "https://login.akvo.org/auth/realms/akvo/protocol/openid-connect/token"
{
  "access_token": "eyJhbG...",
  "refresh_token": "eyJhbG..."
}

The access_token is the token that should be used in the Akvo Flow Authorization header. This token is relatively short lived but can be refreshed (in order to get a new access token) using the refresh_token:

curl -s \
     -d "client_id=curl" \
     -d "refresh_token=eyJhbG..." \
     -d "grant_type=refresh_token" \
     -d "scope=openid" \
     "https://login.akvo.org/auth/realms/akvo/protocol/openid-connect/token"

The refresh token will also expire after a certain amount of time. It is possible to request a special type of refresh token (called "offline token") that will not expire by changing the scope from openid to openid offline_access:

curl -s \
     -d "client_id=curl" \
     -d "username=<your email>" \
     -d "password=<your password>" \
     -d "grant_type=password" \
     -d "scope=openid offline_access" \
     "https://login.akvo.org/auth/realms/akvo/protocol/openid-connect/token"

This refresh token can be saved and reused later to get access tokens without the need for the users credentials.

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.