Authenticate with the password Method
Use Case
Like the code method, the goal is to authenticate users based on their Resamania account. This method can be useful for both web and mobile applications.
Usage Steps
The password method allows, just like the authorization code method, to generate user-specific access tokens. The acquisition of the access token is also consented to by the end user. With this method, the authentication data collection of the end user is handled by the third-party application (your application).
Here are the general steps:
- Step 1: You provide the user's identifier and password.
- Step 2: You receive an access token.
Despite the simplicity of this method, it is generally preferable to use the
authorization codemethod, which is more secure and supports Single Sign-On.
Step 1 - Provide Identifier and Password
Make a POST request to: https://{api_base_url}/{client_token}/oauth/v2/token with the following parameters:
| Parameter | Location | Description |
|---|---|---|
api_base_url | Query | The API URL you wish to use. This varies depending on integration and production environments. |
client_token | Query | Each club group has a Resamania identifier called client_token. |
client_id | Body | Each registered application has an identifier with the OAuth server called client_id. |
client_secret | Body | Each registered application has a secret string with the OAuth server called client_secret. |
grant_type | Body | The method name, which should be set to password. |
username | Body | The end user's identifier. |
password | Body | The end user's password. |
Step 2 - Receive the Access Token
The OAuth server API will return the following response:
{
"access_token":"{access_token}",
"expires_in":{expires_in},
"token_type":"bearer",
"scope":{scope},
"refresh_token":"{refresh_token}"
}| paramètre | description |
|---|---|
| access_token | The JWT token required for any request to the Resamania API. |
| expires_in | The validity duration of the access token in seconds. |
| token_type | The type of access token, which for Resamania is always Bearer. |
| scope | The specific scopes related to the access token. |
| refresh_token | The token used to renew access. |