Esri's Geotrigger Service is replacing Geoloqi! Learn More | FAQ

oauth/token

Contents

URL

https://api.geoloqi.com/1/oauth/token

Description

Request an access token from the Geoloqi OAuth system.

This method may be called with the following grant_types:

  • authorization_code - an auth code received upon the redirect from the authorize step above
  • password - for mobile clients, if you have asked the user for their username/password in your app you can provide them directly to the API here
  • refresh_token - if you are refreshing your access token, provide your refresh token here
  • client_credentials - gets an access token for your application

Parameters

In all cases, `client_id` and `client_secret` are required parameters, or you can send the credentials via HTTP Basic Auth in a header.

Password

You can use the password grant to get an access token from a user logging in with their username and password.

Parameters

  • grant_type
    password
  • username
    The username or email address of the account
  • password
    The password of the account
  • client_id
    Your app's client ID
  • client_secret
    Your app's client secret

Authorization Code

Authorization code is used when handling the OAuth redirect after the user approves access to your app.

Parameters

  • grant_type
    authorization_code
  • code
    The auth code from the query string parameter
  • redirect_uri
    The redirect URI that was used when getting the auth code
  • client_id
    Your app's client ID that was used to get the auth code
  • client_secret
    Your app's client secret

Refresh Token

If your access token expires, you can use a refresh token to get a new access token without having to re-authorize the user. Your application may not be configured to use refresh tokens, so don't be surprised if you don't get a refresh token in your token response.

Parameters

  • grant_type
    refresh_token
  • refresh_token
    The refresh token you acquired previously
  • client_id
    Your app's client ID that was used to get the auth code
  • client_secret
    Your app's client secret

Application Token

You can use the client_credentials grant to get an access token for an application.

Parameters

  • grant_type
    client_credentials
  • client_id
    Your app's client ID
  • client_secret
    Your app's client secret

Assertion

Applications can get an access token for a user it has created by specifying the user ID.

Parameters

  • grant_type
    assertion
  • client_id
    Your app's client ID
  • client_secret
    Your app's client secret
  • assertion_type
    user_id (the literal string user_id)
  • assertion
    The user ID whose access token you're requesting

Response

Success

On success, the response will contain an access token and refresh token. The access token will either never expire or will be valid for an hour, and the refresh token will be valid for one year. The refresh token can be used to get a new access token. The refresh token in this response should replace other refresh tokens you may have stored previously.

{
  "access_token": "RsT5OjbzRn430zqMAZFh+QaLgVx+Q3Ia"
}

Error

You will get a descriptive error message if there was a problem creating the account. See Error Codes for more information.

{
  "error": "expired_token",
  "error_description": "The token provided has expired"
}