Introduction to Authentication

Tip

See Environments for information about the individual endpoints available for authentication.

Contents

This walkthrough documents the following OAuth2 flows and examples:

Each of these flows (for getting tokens) works slightly differently and has different pros and cons.

Warning

Not every flow will be enabled for the client you are issued.
By default, every client can use the "Authorization Code" flow, as it is the most secure of the supported flows.
If you require the "Resource Owner" or "Client Credentials" flows, please get in touch with us at developer-support@purefarming.com.

Tokens

The authorization service can provide several different tokens:

| Token Type | Description |
|---|---|
| access_token | This is the token that you use to authenticate yourself to any of the Pure Farming APIs. It is passed as a header, e.g. Authorization: Bearer ... |
| id_token | This token represents the user's identity. It contains claims about the authenticated user. You can decode this token and extract information about the user, such as their name, email, etc. |
| refresh_token | This token allows you to get subsequent access_tokens without requiring the user to re-authenticate. You can use this token to obtain a new access_token when the current one expires. |

The responses will usually contain both an access_token and an id_token. However, if you wish to obtain a refresh_token, you have to explicitly request it in the initial authorization request.

To do this, you need to specify the offline_access scope in your initial authorization request.

Endpoints

The following endpoints are provided for authentication using OpenID Connect.

Note: the endpoints below are relative to the base authorization URL, as shown in Environments.

| Type | URL |
|---|---|
| authorize | /realms/moa/protocol/openid-connect/auth |
| token | /realms/moa/protocol/openid-connect/token |
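
The following is an added example, not part of the original documentation or Pure Farming's own code. It shows how the offline_access scope and the two endpoint paths above fit into an Authorization Code request, the callback state check, and a refresh_token exchange. The base URL, client id, redirect URI and the assumption of a public client (no client_secret) are placeholders; take the real values from Environments and your issued client.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumptions (not from the page): placeholder base URL, client id and redirect URI.
BASE_URL = "https://auth.example.invalid"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://app.example.invalid/callback"

# Paths taken from the endpoint table on this page.
AUTHORIZE_PATH = "/realms/moa/protocol/openid-connect/auth"
TOKEN_PATH = "/realms/moa/protocol/openid-connect/token"


def build_authorize_url(want_refresh_token=True):
    """Return (url, state) for the Authorization Code flow."""
    scopes = ["openid"]
    if want_refresh_token:
        scopes.append("offline_access")  # without this no refresh_token is issued
    state = secrets.token_urlsafe(32)  # unguessable; store it in the user's session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{BASE_URL}{AUTHORIZE_PATH}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting a missing or mismatched state."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    # Constant-time comparison on bytes; a mismatch means the response is not ours.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError(params.get("error", ["missing code"])[0])
    return params["code"][0]


def refresh_request(refresh_token):
    """Return (url, form body) to POST for a new access_token."""
    # Assumption: public client; a confidential client also authenticates itself here.
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token,
            "client_id": CLIENT_ID}
    return f"{BASE_URL}{TOKEN_PATH}", urlencode(form)
```

The form body is sent with Content-Type application/x-www-form-urlencoded, and the resulting access_token goes in the Authorization: Bearer header described above.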