
Authentication for a web application

Authentication for a web application is done as follows:

  1. Redirect the customer to https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth with the following parameters in the query string:
  • client_id – your application's client_id
  • response_type – the text code must always be passed in this parameter
  • scope – the text code must always be passed in this parameter
  • redirect_uri – the redirect URI of your application
  • kc_locale – the interface language. Pass ka for Georgian. If this parameter is omitted, the interface appears in English.

For example, if the client id of your application is codeclient and the redirect URI is https://example.com/callback, the address has the following format (after URL encoding): https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth?client_id=codeclient&response_type=code&scope=corp&redirect_uri=https%3A%2F%2Fexample.com%3A44312%2Fcallback

  2. The customer approves the application's request.
  3. The customer is redirected to the redirect_uri address with the following parameter in the query string:
  • code – a temporary code
  4. Authenticate using HTTP Basic Auth. On requesting the service, a Bearer Token is returned, which is then used as the authentication parameter for calling the methods that follow.

Headers

  • Content-Type – application/x-www-form-urlencoded
  • Authorization – authentication using HTTP Basic Auth. Use your application's client_id as the user name and your application's client_secret as the password.

Body

  • grant_type – the text client_credentials must always be passed in this parameter.
  • code – the temporary code.
  • redirect_uri – your application's redirect_uri.

Response

  • access_token – the token returned by the authorization server.
  • token_type – the token type (the text value bearer is returned).
  • Not used.
  • expires_in – the number of seconds for which the token remains active.
  • refresh_expires_in – the maximum time before a refresh token expires and is invalidated. It allows a shorter timeout for the refresh token than for the session.
  • not-before-policy – if an access token or refresh token is compromised, open the Admin Console and push a not-before revocation policy to all applications. Pushing a not-before policy ensures that any tokens issued before that time become invalid.
  • scope – a standard OAuth 2.0 authorization mechanism; the context in which the token is valid.
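The four steps above as an added Python example (not the bank's own code): it builds the redirect URL, checks the callback before accepting the temporary code, and assembles the token request with HTTP Basic client authentication. The token endpoint path, the state parameter (a per-login random value the callback handler checks so a forged redirect cannot plant a code) and the sample client secret are assumptions not taken from the page.

```python
import base64
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_URL = "https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth"
# Assumed: the standard Keycloak token endpoint next to the auth endpoint above.
TOKEN_URL = "https://account.bog.ge/auth/realms/bog/protocol/openid-connect/token"


def new_state():
    """Unguessable per-login value; store it in the user's session before step 1."""
    return secrets.token_urlsafe(16)


def build_authorization_url(client_id, redirect_uri, scope, state, locale=None):
    """Step 1: the address the customer is redirected to (state is an addition beyond the page)."""
    params = {"client_id": client_id, "response_type": "code", "scope": scope,
              "redirect_uri": redirect_uri, "state": state}
    if locale:
        params["kc_locale"] = locale          # e.g. "ka" for a Georgian interface
    return AUTH_URL + "?" + urlencode(params)  # urlencode percent-encodes the redirect URI


def extract_code(callback_url, expected_state):
    """Step 3: take the temporary code from the callback only if state matches."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback was not started by this session")
    code = qs.get("code", [None])[0]
    if not code:
        raise ValueError("callback carries no code")
    return code


def build_token_request(client_id, client_secret, code, redirect_uri,
                        grant_type="authorization_code"):
    """Step 4: form-encoded body plus HTTP Basic client authentication.
    The page lists client_credentials as the grant_type; the standard code
    exchange uses authorization_code, so the value is left as a parameter."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({"grant_type": grant_type, "code": code,
                      "redirect_uri": redirect_uri}).encode()
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST")
    req.add_header("Authorization", "Basic " + creds)
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req  # send with urllib.request.urlopen(req); the JSON reply carries access_token
```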