Contents |
URL
https://api.geoloqi.com/1/oauth/token
Description
Request an access token from the Geoloqi OAuth system.
This method may be called with the following grant_types:
- authorization_code - an auth code received upon the redirect from the authorize step above
- password - for mobile clients, if you have asked the user for their username/password in your app you can provide them directly to the API here
- refresh_token - if you are refreshing your access token, provide your refresh token here
- client_credentials - gets an access token for your application
Parameters
In all cases, `client_id` and `client_secret` are required parameters, or you can send the credentials via HTTP Basic Auth in a header.
Password
You can use the password grant to get an access token from a user logging in with their username and password.
Parameters
- grant_typepassword
- usernameThe username or email address of the account
- passwordThe password of the account
- client_idYour app's client ID
- client_secretYour app's client secret
Authorization Code
Authorization code is used when handling the OAuth redirect after the user approves access to your app.
Parameters
- grant_typeauthorization_code
- codeThe auth code from the query string parameter
- redirect_uriThe redirect URI that was used when getting the auth code
- client_idYour app's client ID that was used to get the auth code
- client_secretYour app's client secret
Refresh Token
If your access token expires, you can use a refresh token to get a new access token without having to re-authorize the user. Your application may not be configured to use refresh tokens, so don't be surprised if you don't get a refresh token in your token response.
Parameters
- grant_typerefresh_token
- refresh_tokenThe refresh token you acquired previously
- client_idYour app's client ID that was used to get the auth code
- client_secretYour app's client secret
Application Token
You can use the client_credentials grant to get an access token for an application.
Parameters
- grant_typeclient_credentials
- client_idYour app's client ID
- client_secretYour app's client secret
Assertion
Applications can get an access token for a user it has created by specifying the user ID.
Parameters
- grant_typeassertion
- client_idYour app's client ID
- client_secretYour app's client secret
- assertion_typeuser_id (the literal string user_id)
- assertionThe user ID whose access token you're requesting
Response
Success
On success, the response will contain an access token and refresh token. The access token will either never expire or will be valid for an hour, and the refresh token will be valid for one year. The refresh token can be used to get a new access token. The refresh token in this response should replace other refresh tokens you may have stored previously.
{ "access_token": "RsT5OjbzRn430zqMAZFh+QaLgVx+Q3Ia" }
Error
You will get a descriptive error message if there was a problem creating the account. See Error Codes for more information.
{ "error": "expired_token", "error_description": "The token provided has expired" }