...

The authorization code is a temporary code that the client will exchange for an access token. The code itself is obtained from the authorization server where the user gets a chance to see what information the client (in this case the client is Everifin Application) is requesting, and approve or deny the request.

Info

{{your_realm_value}} = `everifin_app`

Identity Provider base URL: https://app.everifin.com{{everifin_idp_url}}/auth/realms/{{your_realm_value}}/protocol/openid-connect/auth

...

Info

PKCE is not enabled by default. If you want to use PKCE, contact us.

Example URL: https://app.everifin.com{{everifin_idp_url}}/auth/realms/{{your_realm_value}}/protocol/openid-connect/auth/?client_id={your_client_id}&redirect_uri=http%3A%2F%2Flocalhost%2Fdashboard&response_type=code&state=MY_STATE1

...

Info

We will provide you with your own auth realm. The value is used in the URL below.

https://app.everifin.com{{everifin_idp_url}}/auth/realms/{your_realm_value}/protocol/openid-connect/token

The following parameters should be included in the request body, formatted as application/x-www-form-urlencoded. Don't forget to include Content-Type: application/x-www-form-urlencoded in the request headers.

| Parameter | Value | Note |
|---|---|---|
| grant_type | authorization_code | |
| code | obtained from redirect uri query parameter from step 1 | |
| client_id | same value as client_id query parameter from step 1 | |
| redirect_uri | same value as redirect_uri query parameter from step 1 | |
| code_verifier | | Optional, only necessary for PKCE. We use it to recompute the code_challenge and verify if it matches the original code_challenge in the authorization request. |
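Steps 1 and 2 with PKCE, as an added example that is not part of the original documentation or Everifin's own code. It assumes PKCE has been enabled for your client and that the S256 method from RFC 7636 is used (the page does not name the method); the host in `AUTH_URL`, the client id and all function names are placeholders chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): substitute the IdP URL, realm and client id you were given.
AUTH_URL = "https://idp.example.invalid/auth/realms/your_realm_value/protocol/openid-connect/auth"
CLIENT_ID = "your_client_id"
REDIRECT_URI = "http://localhost/dashboard"

def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def start_authorization():
    """Step 1: return (url, state, code_verifier); keep the last two in the user's session."""
    state = secrets.token_urlsafe(32)          # unguessable, one per login attempt
    code_verifier = secrets.token_urlsafe(64)  # 86 chars, within RFC 7636's 43-128
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "state": state,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
    })
    return f"{AUTH_URL}?{query}", state, code_verifier

def token_request_body(callback_url: str, expected_state: str, code_verifier: str) -> str:
    """Step 2: check state (CSRF defence), then build the form-encoded /token body."""
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "code" not in params:
        raise ValueError(f"no authorization code: {params.get('error', ['unknown'])[0]}")
    return urlencode({
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": code_verifier,
    })

def server_accepts(code_verifier: str, stored_challenge: str) -> bool:
    """The check described in the Note column: recompute the challenge and compare."""
    return hmac.compare_digest(s256_challenge(code_verifier), stored_challenge)
```

Send the returned body as the POST payload to the token endpoint with the `Content-Type: application/x-www-form-urlencoded` header.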

...

You can renew the access token using the refresh token. A refresh token is valid for a longer period than the access token.

request method: POST

https://app.everifin.com{{everifin_idp_url}}/auth/realms/{your_realm_value}/protocol/openid-connect/token

...

When the user decides to end the session, the logout endpoint should be called. This invalidates the refresh_token. The access_token remains valid for the period specified in the /token endpoint response from step 2. Usually, this is a short period of 5 minutes.

request method: POST

https://app.everifin.com{{everifin_idp_url}}/auth/realms/{your_realm_value}/protocol/openid-connect/logout

...