Bearer token using refresh token
Authentication to LRS Connect API uses OAuth 2.0.
- User can find access/bearer token using refresh token (which received in password-based authentication)
- Data for inactive accounts will not be returned.
/rest/v4/oauth/token
Request
In order to receive tokens,
curl --location --request POST 'https://connect.lrsus.com/rest/v4/oauth/token' \
--header 'Content-Type: application/json' \
--data-raw '{
"scope": "OFFLINE_ACCESS",
"refreshToken": "refresh token",
"grantType": "REFRESH_TOKEN"
}
'
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
var raw = JSON.stringify({"scope":"OFFLINE_ACCESS","refreshToken":"refresh token","grantType":"REFRESH_TOKEN"});
var requestOptions = {
method: 'POST',
headers: myHeaders,
body: raw,
redirect: 'follow'
};
fetch("https://connect.lrsus.com/rest/v4/oauth/token", requestOptions)
.then(response => response.text())
.then(result => console.log(result))
.catch(error => console.log('error', error));
import http.client
conn = http.client.HTTPSConnection("connect.lrsus.com")
payload = "{\n \"scope\": \"OFFLINE_ACCESS\",\n \"refreshToken\": \"refresh token\",\n \"grantType\": \"REFRESH_TOKEN\"\n}\n"
headers = {
'Content-Type': 'application/json'
}
conn.request("POST", "/rest/v4/oauth/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
#import <Foundation/Foundation.h>
dispatch_semaphore_t sema = dispatch_semaphore_create(0);
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://connect.lrsus.com/rest/v4/oauth/token"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
NSDictionary *headers = @{
@"Content-Type": @"application/json"
};
[request setAllHTTPHeaderFields:headers];
NSData *postData = [[NSData alloc] initWithData:[@"{\n \"scope\": \"OFFLINE_ACCESS\",\n \"refreshToken\": \"refresh token\",\n \"grantType\": \"REFRESH_TOKEN\"\n}\n" dataUsingEncoding:NSUTF8StringEncoding]];
[request setHTTPBody:postData];
[request setHTTPMethod:@"POST"];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
dispatch_semaphore_signal(sema);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSError *parseError = nil;
NSDictionary *responseDictionary = [NSJSONSerialization JSONObjectWithData:data options:0 error:&parseError];
NSLog(@"%@",responseDictionary);
dispatch_semaphore_signal(sema);
}
}];
[dataTask resume];
dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);
Request Body
| Key | Description |
|---|---|
| scope | The authentication scope. Provide the value as OFFLINE_ACCESS. |
| refreshToken | The refresh token is received during password-based authentication. |
| grantType | The grant type. Provide value as REFRESH_TOKEN. |
Response 200 (application/json)
The response will contain a "Bearer" token that must be passed on subsequent requests. The token is valid for 3600 seconds by default.
{
"tokenType": "Bearer",
"expiresIn": "3600",
"accessToken": "eyJraWQiOiJJQVE3czZMeFNmdW03SWFhYjNocEtiM0R5dGJta2Jic2dwUzVGRElnR2I4IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULlBNdExTU2FGU0wyYXVpRURtZ09ybjBmdlNrQ2VqUnBaUHpCTUxoLTFLUW8ub2FyeTFyazI5R3dFbmtNWDEwaDYiLCJpc3MiOiJodHRwczovL2Rldi05MTA3NDEub2t0YXByZXZpZXcuY29tL29hdXRoMi9hdXNianF0YmVpRURlcjZRVDBoNyIsImF1ZCI6Imh0dHBzOi8vYXBpLnN0b3JtcGF0aC5jb20vdjEvYXBwbGljYXRpb25zLzVzdW10Z2h3cDZWTDZxR1NtQ3dUMmMiLCJpYXQiOjE2MTUzNjk0NDYsImV4cCI6MTYxNTM3MzA0NiwiY2lkIjoiMG9hYmpwNW4wYVFQVzNBR0UwaDciLCJ1aWQiOiIwMHVmcGE0ZG9tRDB3SnpodzBoNyIsInNjcCI6WyJvZmZsaW5lX2FjY2VzcyJdLCJzdWIiOiJzYWdhcnpvbmRAZ21haWwuY29tIn0.e36xCFLL5lAyXb61m6VMie5oXQ5kPRUdysTEoi3GSlc-YsBk9dOqMdywf2-hxeMgXXQD1ky_2qHh4QnQtv35f8YP5BdvMgTmDwQh2xYoTBhcxPG36Da3SVYuHI5ZrscLaxtm52SWjSSx-tX0b-T1cNzQ1mcv9KcjFW0uIW9RPM6k91zMP06whlYn4DZFfOtUb5f4FYT67hEIFVHDSgg7xta4PyTab00s1a4ZqZrD1hPZ1Lr_Btt4LrFScr6Y7VLjeOiHCrlhfiy2H9-ptMcRRWI-EBgwr9NY6JjwusI5KIblAsz1TMGt1BjDoi4rtoz2jRfalv8f1LtjNOSqzt5KPQ",
"scope": "offline_access",
"refreshToken": "wZNBvgaPrP_SzjWvZd90Wpc5KmuC3xs18232322323"
}
The token is passed as an Authorization header value.
| Header | Value | Description |
|---|---|---|
| Authorization | Example: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0MzU3N...FWFxGl3odgJ25T0O7kwq-hca2QDtSIWKUFHTpBNU97c | Concatenate value of "Bearer" and access_token returned from /rest/v3/oauth/token method. |
SSL
SSL is used to encrypt all requests to & from LRS Connect API.
Updated less than a minute ago