Introduction to Authentication
Tip
See Environments for information about the individual endpoints available for authentication.
Contents
This walkthrough documents the following OAuth2 flows and examples:
Each of these flows (for getting tokens) work slightly differently and have different pros and cons.
Warning
Not every flow will be enabled for your client that you are issued.
By default every client is able to use "Authorization Code" flow as it is the most secure of the supported flows.
If you require "Resource Owner" or "Client Credentials" flows, please get in touch with us at developer-support@purefarming.com.
Tokens
The authorization service can provide several different tokens:
| Token Type | Description |
|---|---|
access_token |
This is the token that you use to authenticate yourself to any of the Pure Farming APIs. It is passed as a header, e.g. Authorization: Bearer ... |
id_token |
This token represents the user 's identity. It contains claims about the authenticated user. You can decode this token and extract information about the user, such as their name, email, etc. |
refresh_token |
This token allows you to get subsequent access_token's without requiring the user to re-authenticate. You can use this token to obtain a new access_token when the current one expires. |
The responses will usually contain both an access_token and a id_token. However if you wish to obtain a refresh_token you have to explicitly request it in the initial authorization request.
To do this, you need to specify the offline_access scope in your initial authorization request.
Endpoints
The following endpoints are provided for authentication using OpenID Connect.
Note: the below endpoints are from the base authorization URL, as shown in Environments.
| Type | URL |
|---|---|
authorize |
/realms/moa/protocol/openid-connect/auth |
token |
/realms/moa/protocol/openid-connect/token |