
For a desktop application

Authentication for a desktop application is done as follows:

  1. Redirect a customer to https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth with the following parameters in the query string:

    • client_id - Your application's client_id
    • response_type - The text token should always be passed in this parameter
    • scope - The text corp should always be passed in this parameter
    • redirect_uri - The redirect URI of your application
    • kc_locale - The interface language. Pass ka for the Georgian language. If this parameter is not passed, the English interface appears.

For example, if the client id of your application is implicitclient and the redirect URI is https://example.com/callback, the address will have the following format (after URL encoding):

https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth?client_id=implicitclient&response_type=token&scope=corp&redirect_uri=https%3A%2F%2Fexample.com%3A44312%2Fcallback&state=e46fcdf4-a4bf-4dc6-8a42-e1b12e27826b&kc_locale=ka

  2. A customer will be redirected to the redirect_uri address, with the following parameters in the query string:

    • access_token - A temporary token
    • expires_in - An expiration time
    • token_type - A token type
  3. Authenticate using HTTP Basic Auth. On requesting the service, a Bearer Token is returned, which is used as an authentication parameter for calling the following methods.

Content-Type required string

application/x-www-form-urlencoded.

Authorization required string

Authentication using HTTP Basic Auth. Use your application's client_id as the user and your application's client_secret as the password.

Body

grant_type required string

The text client_credentials should always be passed in this parameter.

code required string

A temporary code

redirect_uri required string

Your application's redirect_uri

Response

access_token string

A token returned by the authorization server.

token_type string

A token type (the text value bearer is returned)

app_id string

Not used.

expires_in string

The number of seconds during which the token is active.

refresh_expires_in string

The maximum time before a refresh token expires and is invalidated. It allows a refresh token timeout to be specified that is shorter than the session timeout.

not-before-policy string

If an access token or refresh token is compromised, access the Admin Console and push a not-before revocation policy to all applications. Pushing a not-before policy ensures that any tokens issued before that time become invalid.

scope string

A standard OAuth 2.0 authorization mechanism. The context in which a token is valid.
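
Steps 1 and 2 above, as an added example that is not part of the original page or the bank's own code: it builds the authorization URL with a fresh random state and validates the redirect before the token is used. The function names are hypothetical, and it assumes the server echoes state back and reports failures in an error parameter, as OAuth 2.0 specifies, and that the fields may arrive in the URL fragment as well as the query string.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth"


def build_auth_url(client_id, redirect_uri, locale=None, state=None):
    """Return (url, state); keep state in memory to check the callback."""
    state = state or secrets.token_urlsafe(32)  # unguessable, one per request
    params = {
        "client_id": client_id,
        "response_type": "token",  # fixed value per the page
        "scope": "corp",           # fixed value per the page
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if locale:
        params["kc_locale"] = locale  # "ka" for Georgian, omit for English
    return AUTH_ENDPOINT + "?" + urlencode(params), state


def parse_callback(callback_url, expected_redirect_uri, expected_state):
    """Validate the redirect and return (access_token, lifetime_seconds)."""
    got, want = urlsplit(callback_url), urlsplit(expected_redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    # The page says query string; implicit-flow responses normally use the
    # fragment (assumption), so both are read.
    fields = {k: v[0] for k, v in parse_qs(got.query).items()}
    fields.update({k: v[0] for k, v in parse_qs(got.fragment).items()})
    if "error" in fields:
        raise ValueError("authorization failed: " + fields["error"])
    state = fields.get("state", "")
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    if fields.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    lifetime = int(fields.get("expires_in", "0"))
    if lifetime <= 0 or not fields.get("access_token"):
        raise ValueError("missing access_token or non-positive expires_in")
    return fields["access_token"], lifetime
```

Store the returned lifetime next to the token and discard both once it has elapsed; never write the token to logs, since the redirect URL that carries it can end up in browser history.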