Authentication for a web application
Authentication for a web application is done as follows:
- Redirect the customer to https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth with the following parameters in the query string:
  - client_id – the client_id of your application
  - response_type – the text code should always be passed in this parameter
  - scope – the text code should always be passed in this parameter
  - redirect_uri – a redirect URI of your application
  - kc_locale – the interface language. ka should be passed for Georgian. Without this parameter the interface appears in English.
  For example, if the client id of your application is codeclient and the redirect URI is https://example.com/callback, the address will have the following format (after URL encoding): https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth?client_id=codeclient&response_type=code&scope=corp&redirect_uri=https%3A%2F%2Fexample.com%3A44312%2Fcallback
- The customer approves the application's request.
- The customer is redirected to the redirect_uri address with the following parameter in the query string:
  - code – a temporary code
- Authenticate using HTTP Basic Auth. On requesting the service, a Bearer token is returned, which is used as the authentication parameter for calling the following methods.
Response
- The token returned by the authorization server.
- The token type (the text value bearer is returned).
- Not used.
- The number of seconds the token remains active.
- The maximum time before a refresh token expires and is invalidated. It allows a shorter refresh-token timeout than the session timeout to be specified.
- If an access token or refresh token is compromised, access the Admin Console and push a not-before revocation policy to all applications. Pushing a not-before policy ensures that any tokens issued before that time become invalid.
- A standard OAuth 2.0 authorization mechanism: the context in which the token is valid.
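The following is an added example, not code from the bank's documentation, that walks the flow above end to end: building the redirect address exactly as shown in the example URL, validating the callback that carries the temporary code, preparing the HTTP Basic Auth request that exchanges the code for a token, and computing token lifetimes from the response. It goes beyond the page in one respect: it adds a state parameter to the redirect and checks it on the callback, which is standard OAuth 2.0 practice for tying a callback to the login that started it. Assumptions: the token endpoint path (the page does not give it; the one used here is the standard Keycloak path beside the auth endpoint), the client_secret used for Basic Auth, and the response field names access_token, token_type, expires_in and refresh_expires_in (the page describes these fields but does not name them; the names are the standard OAuth 2.0 / Keycloak ones). Nothing is sent over the network; the requests are constructed so they can be inspected or handed to any HTTP client.

```python
"""Authorization-code flow helpers for the login described on this page.

Added example; not the bank's own code. Assumed: the token endpoint path,
the client_secret, and the standard token-response field names.
"""
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth"
# ASSUMPTION: not given on the page; standard Keycloak token path for the realm.
TOKEN_ENDPOINT = "https://account.bog.ge/auth/realms/bog/protocol/openid-connect/token"


def build_auth_url(client_id, redirect_uri, state=None, scope="corp", georgian=False):
    """Return (redirect address, state). The caller stores state in the session.

    Parameter order matches the page's example URL; state (not on the page) is
    appended last so the prefix stays identical to the documented address.
    """
    if state is None:
        state = secrets.token_urlsafe(16)  # unguessable, one per login attempt
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if georgian:
        params["kc_locale"] = "ka"  # omit for the default English interface
    return AUTH_ENDPOINT + "?" + urlencode(params), state


def parse_callback(callback_url, expected_state):
    """Extract the temporary code; refuse callbacks not tied to our login."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this login")
    codes = qs.get("code")
    if not codes:
        raise ValueError("callback carries no code parameter")
    return codes[0]


def token_request(client_id, client_secret, code, redirect_uri):
    """Build the code-for-token request: HTTP Basic client auth plus form body.

    Returns (url, headers, body) ready for any HTTP client's POST.
    """
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": "Basic " + creds,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the one used in the redirect
    })
    return TOKEN_ENDPOINT, headers, body


def token_lifetimes(response, now):
    """Turn the seconds-based lifetimes in the response into absolute deadlines.

    ASSUMPTION: field names are the standard ones; the page only describes them.
    Rejects a token type other than bearer, the only value the page says is returned.
    """
    if response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % response.get("token_type"))
    return {
        "access_token": response["access_token"],
        "access_expires_at": now + int(response["expires_in"]),
        "refresh_expires_at": now + int(response["refresh_expires_in"]),
    }


def access_token_usable(lifetimes, now, skew=30):
    """True while the access token is valid with a small clock-skew margin."""
    return now + skew < lifetimes["access_expires_at"]


if __name__ == "__main__":
    url, st = build_auth_url("codeclient", "https://example.com/callback")
    print("redirect to:", url)
    # Constructed callback a browser would deliver after the customer approves:
    code = parse_callback(f"https://example.com/callback?state={st}&code=tmp123", st)
    print("temporary code:", code)
    print(token_request("codeclient", "CLIENT_SECRET_PLACEHOLDER", code,
                        "https://example.com/callback"))
```

The redirect_uri sent to the token endpoint must be byte-for-byte the same value used in the redirect, and the state value must be bound to the user's session rather than stored globally; both checks are what keep a stolen or replayed callback from being accepted.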