For a desktop application
Authentication for a desktop application is done as follows:
- Redirect a customer to https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth, with the following parameters in the query string:
  - client_id - Your application client_id
  - response_type - The text token should always be passed in this parameter
  - scope - The text corp should always be passed in this parameter
  - redirect_uri - A redirect URI of your application
  - kc_locale - An interface language. ka should be passed for the Georgian language. If this parameter is not passed, an English interface will appear.
For example, if the client id of your application is implicitclient and the redirect URI is https://example.com/callback, the address will have the following format (after URL encoding):
https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth?client_id=implicitclient&response_type=token&scope=corp&redirect_uri=https%3A%2F%2Fexample.com%3A44312%2Fcallback&state=e46fcdf4-a4bf-4dc6-8a42-e1b12e27826b&kc_locale=ka
- A customer will be redirected to the redirect_uri address, with the following parameters in the query string:
  - access_token - A temporary token
  - expires_in - An expiration time
  - token_type - A token type
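An added example (not Bank of Georgia's own code) of the client side of this flow: it builds the authorization URL with a fresh state value and validates the redirect before accepting the token. It assumes the server echoes state back and may deliver the parameters in the URL fragment instead of the query string; the function names are hypothetical.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth"


def build_auth_url(client_id, redirect_uri, locale=None):
    """Return (url, state); keep state in the app until the callback arrives."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    params = {
        "client_id": client_id,
        "response_type": "token",  # fixed value per the page
        "scope": "corp",           # fixed value per the page
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if locale:                     # "ka" for Georgian; omitted means English
        params["kc_locale"] = locale
    return AUTH_ENDPOINT + "?" + urlencode(params), state


def parse_callback(callback_url, expected_state, redirect_uri, now=None):
    """Validate the redirect and return {"access_token", "expires_at"}."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    # The page says query string; the fragment is read too (assumption).
    params = parse_qs(got.query + "&" + got.fragment)

    def one(name):
        values = params.get(name, [])
        if len(values) != 1:       # missing or duplicated parameter
            raise ValueError("expected exactly one " + name)
        return values[0]

    # Assumption: the server echoes state back unchanged.
    if not hmac.compare_digest(one("state").encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this login")
    if one("token_type").lower() != "bearer":
        raise ValueError("unexpected token_type")
    lifetime = int(one("expires_in"))
    if lifetime <= 0:
        raise ValueError("expires_in must be positive")
    now = time.time() if now is None else now
    return {"access_token": one("access_token"), "expires_at": now + lifetime}
```
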
Authenticate using HTTP Basic Auth. On requesting the service, a Bearer Token is returned, which is used as an authentication parameter for calling the following methods.
Header
- Content-Type (required, string) - application/x-www-form-urlencoded.
- Authorization (required, string) - Authentication using HTTP Basic Auth. Use your application client_id as the user and the client_secret of your application as the password.
Body
- grant_type (required, string) - The text client_credentials should always be passed in this parameter.
- code (required, string) - A temporary code
- redirect_uri (required, string) - Your application redirect_uri
Response
- access_token (string) - A token returned by the authorization server.
- token_type (string) - A token type (the text value bearer is returned)
- app_id (string) - Not used.
- expires_in (string) - The number of seconds during which a token is active.
- refresh_expires_in (string) - The maximum time before a refresh token expires and is invalidated. It allows a shorter timeout to be specified for the refresh token than the session timeout.
- not-before-policy (string) - If an access token or refresh token is compromised, access the Admin Console and push a not-before revocation policy to all applications. Pushing a not-before policy ensures that any tokens issued before that time become invalid.
- scope (string) - A standard OAuth 2.0 authorization mechanism. A context in which a token is valid.