Authenticate via the `code` method
Use Case
The `code` method is designed for applications aiming to integrate SSO (Single Sign-On) based on Resamania user accounts. This is mainly of interest to applications and websites.
Authentication Steps
With the `code` method, it is the end user who grants your application access to their data. The consent mechanism is fully managed by the OAuth server. Your application redirects the end user via a browser, and we return them with an authorization code that allows you to request an access token.
Here are the general steps:
- Step 1: Redirect the user to the authorization URL
- Step 2: We identify the user for you
- Step 3: You receive a one-time authorization code
- Step 4: You send the authorization code to us
- Step 5: You receive an access token
Step 1 - Redirect the User
Redirect your user to the following address:
https://{api_base_url}/{client_token}/oauth/login?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}
Refer to the table below for the request parameters:
| Parameter | Description |
|------------------|-------------|
| `api_base_url` | The URL of the API you wish to use. This varies between the integration and production environments |
| `client_token` | Each club chain has its own Resamania identifier, called `client_token` |
| `response_type` | The OAuth response type, set to `code` for the `authorization_code` method |
| `client_id` | Each registered application has an identifier with the OAuth server, called `client_id` |
| `redirect_uri` | One of the return URLs associated with your application during registration |
Step 2 - Identify the User
Once the user lands on the authentication page, they will be prompted to enter their username and password. This step requires no action on your part as it is fully handled by the OAuth server. If necessary, a password recovery feature is also offered.
Step 3 - Receive the Code
Once the user is identified, we send them to the return URL with the authorization code.
{redirect_uri}?code={code}
Refer to the table below for the request parameters:
| Parameter | Description |
|------------------|-------------|
| `redirect_uri` | The return URL specified in Step 1 |
| `code` | A one-time authorization code to exchange for an access token |
Step 4 - Send the Authorization Code
Once you have the authorization code, you must exchange it for an access token. To do this, make a POST request to the OAuth server's API as follows:
POST https://{api_base_url}/{client_token}/oauth/v2/token
The headers of the request are as follows:
| Header | Value |
|------------------|-------------|
| `Content-Type` | `application/json` |
The body of the request is a JSON object containing the following information:
```json
{
"grant_type":"authorization_code",
"client_id":"{client_id}",
"client_secret":"{client_secret}",
"code":"{code}",
"redirect_uri":"{redirect_uri}"
}
```
| Parameter | Description |
|------------------|-------------|
| `grant_type` | The method name, set to `authorization_code` |
| `client_id` | Each registered application has an identifier with the OAuth server, called `client_id` |
| `client_secret` | Each registered application has a secret string with the OAuth server, called `client_secret` |
| `code` | The one-time authorization code received in Step 3 |
| `redirect_uri` | The return URL specified in Step 1 |
Once a code has been exchanged, any further attempt to exchange it will always return a 400 error, indicating that the code is invalid or non-existent.
Step 5 - Receive the Access Token
The OAuth server's API will return the following information in response:
```json
{
"access_token":"{access_token}",
"expires_in":{expires_in},
"token_type":"bearer",
"scope":{scope},
"refresh_token":"{refresh_token}"
}
```
| Parameter | Description |
|------------------|-------------|
| `access_token` | The JWT token required for any request to the Resamania API |
| `expires_in` | The validity duration of the *access token* in seconds |
| `token_type` | The type of *access token*, which for Resamania is always `Bearer` |
| `scope` | The specific scopes related to the *access token* |
| `refresh_token` | The token used to renew access |
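The five steps above, carried out end to end by a client, as an added example (this is not Resamania's own code or SDK). It builds the Step 1 URL, validates the Step 3 callback against the registered return URL, sends the Step 4 JSON body and checks the Step 5 response, and treats a 400 on exchange as the one-time-code rejection described above. The HTTP transport is injectable, so the block runs offline against a constructed fake server; the hostnames, identifiers and token values below are placeholders, not real Resamania values.

```python
"""Client side of the Resamania authorization_code flow (added example, not official code)."""
import json
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse


def build_authorize_url(api_base_url, client_token, client_id, redirect_uri):
    """Step 1: the address the browser is redirected to."""
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri}
    return f"https://{api_base_url}/{client_token}/oauth/login?{urlencode(params)}"


def extract_code(callback_url, expected_redirect_uri):
    """Step 3: pull the one-time code out of {redirect_uri}?code={code}.

    The callback must land on the redirect_uri registered for the application,
    and must carry exactly one code; anything else is rejected."""
    parsed = urlparse(callback_url)
    if parsed._replace(query="", fragment="").geturl() != expected_redirect_uri:
        raise ValueError("callback did not arrive at the registered redirect_uri")
    codes = parse_qs(parsed.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("callback must carry exactly one authorization code")
    return codes[0]


def build_token_request(api_base_url, client_token, client_id, client_secret, code, redirect_uri):
    """Step 4: POST /oauth/v2/token with the JSON body documented above."""
    url = f"https://{api_base_url}/{client_token}/oauth/v2/token"
    body = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
    }
    return url, {"Content-Type": "application/json"}, json.dumps(body).encode()


def http_post(url, headers, body):
    """Real transport: returns (status, raw_body). Not used by the offline demo."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.read()


def exchange_code(api_base_url, client_token, client_id, client_secret, code, redirect_uri,
                  transport=http_post):
    """Steps 4 and 5: exchange the code and validate the token response."""
    url, headers, body = build_token_request(
        api_base_url, client_token, client_id, client_secret, code, redirect_uri)
    status, raw = transport(url, headers, body)
    if status == 400:
        # Documented behaviour: an already-exchanged (or unknown) code yields 400.
        raise PermissionError("authorization code rejected: invalid, unknown or already used")
    if status != 200:
        raise RuntimeError(f"unexpected status {status} from token endpoint")
    token = json.loads(raw)
    for key in ("access_token", "expires_in", "token_type", "scope", "refresh_token"):
        if key not in token:
            raise ValueError(f"token response is missing {key}")
    if token["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    return token


def bearer_header(token):
    """How the Step 5 access_token is then presented to the Resamania API."""
    return {"Authorization": f"Bearer {token['access_token']}"}


class FakeTokenEndpoint:
    """Constructed stand-in for the OAuth server: accepts each code exactly once."""

    def __init__(self):
        self.used_codes = set()

    def __call__(self, url, headers, body):
        req = json.loads(body)
        if (req.get("grant_type") != "authorization_code" or headers.get("Content-Type") != "application/json"
                or req["code"] in self.used_codes):
            return 400, b'{"error":"invalid_grant"}'
        self.used_codes.add(req["code"])
        return 200, json.dumps({
            "access_token": "eyJ.placeholder.jwt", "expires_in": 3600,
            "token_type": "bearer", "scope": "user", "refresh_token": "refresh-placeholder",
        }).encode()


if __name__ == "__main__":
    fake = FakeTokenEndpoint()
    cb = extract_code("https://app.example/cb?code=abc123", "https://app.example/cb")
    print(bearer_header(exchange_code("api.example", "club-token", "app-id", "app-secret",
                                      cb, "https://app.example/cb", transport=fake)))
```

The transport argument is the only seam: pass `http_post` in production and the fake in tests. Checking the callback host and path against the registered `redirect_uri` before using the code, and treating any 400 on exchange as a spent or forged code, keeps a stray or replayed callback from turning into a token.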