Obtain the OAuth token
After your application has OAuth client and IFS CE authorization server details, you can obtain the OAuth tokens.
-
Send an Authorization Code Request to IFS CE authorization
server.
Initiate the process of obtaining the OAuth token by sending authorization code request to the IFS CE authorization server. This is an HTTP GET or POST request to the authorization endpoint with these parameters:
- client_id
- Specify the OAuth client ID specific to your application.
- redirect_uri
- Specify the URL where the IFS authorization server sends the code upon user consent. This must be the same URL as registered in IFS during integration.
- response_type=code
- Specify the IFS authorization server to send the authorization code upon user consent.
-
Resource Owner (User) Authentication and Consent (IFS
functionality).
The IFS authorization server works with the IFS Federation Hub to authenticate the user/resource owner and get user consent to release the claims to your app. If the user approves sharing claims with your application, then the IFS authorization server releases the authorization code to your application.
-
Exchange the authorization code for an access token and refresh
token.
By using the token endpoint of the IFS authorization server, exchange the authorization code for an OAuth access token and refresh token. Send these parameters as Content-Type "application/x-www-form-urlencoded"
- client_id
- Specify the OAuth client ID specific to your application.
- client_secret
- Specify the OAuth client secret received while acquiring the OAuth client details.
- grant_type=authorization_code
- Specify the hint authorization server about the grant type being used.
- redirect_uri
- Specify the URL where the authorization server sends the access token. This URL must match the URL registered in API Gateway CE/IFS CE during integration.
- code
- Specify the authorization code sent by the authorization server in the previous step.
-
In exchange, the authorization server provides these parameters:
- token_type- This is the type of token issued, for example, Bearer.
- expires_in - This is the validity period of the access token.
- refresh_token - This is the refresh token to be used to renew the expired access token.
- access_token - This is the token to be used for accessing protected resources.