Bearer token using refresh token

Authentication to LRS Connect API uses OAuth 2.0.

  • User can find access/bearer token using refresh token (which received in password-based authentication)
  • Data for inactive accounts will not be returned.

/rest/v4/oauth/token

Request

In order to receive tokens,

curl --location --request POST 'https://connect.lrsus.com/rest/v4/oauth/token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "scope": "OFFLINE_ACCESS",
    "refreshToken": "refresh token",
    "grantType": "REFRESH_TOKEN"
}
'
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");

var raw = JSON.stringify({"scope":"OFFLINE_ACCESS","refreshToken":"refresh token","grantType":"REFRESH_TOKEN"});

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};

fetch("https://connect.lrsus.com/rest/v4/oauth/token", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));
import http.client

conn = http.client.HTTPSConnection("connect.lrsus.com")
payload = "{\n    \"scope\": \"OFFLINE_ACCESS\",\n    \"refreshToken\": \"refresh token\",\n    \"grantType\": \"REFRESH_TOKEN\"\n}\n"
headers = {
  'Content-Type': 'application/json'
}
conn.request("POST", "/rest/v4/oauth/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
#import <Foundation/Foundation.h>

dispatch_semaphore_t sema = dispatch_semaphore_create(0);

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://connect.lrsus.com/rest/v4/oauth/token"]
  cachePolicy:NSURLRequestUseProtocolCachePolicy
  timeoutInterval:10.0];
NSDictionary *headers = @{
  @"Content-Type": @"application/json"
};

[request setAllHTTPHeaderFields:headers];
NSData *postData = [[NSData alloc] initWithData:[@"{\n    \"scope\": \"OFFLINE_ACCESS\",\n    \"refreshToken\": \"refresh token\",\n    \"grantType\": \"REFRESH_TOKEN\"\n}\n" dataUsingEncoding:NSUTF8StringEncoding]];
[request setHTTPBody:postData];

[request setHTTPMethod:@"POST"];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
  if (error) {
    NSLog(@"%@", error);
    dispatch_semaphore_signal(sema);
  } else {
    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
    NSError *parseError = nil;
    NSDictionary *responseDictionary = [NSJSONSerialization JSONObjectWithData:data options:0 error:&parseError];
    NSLog(@"%@",responseDictionary);
    dispatch_semaphore_signal(sema);
  }
}];
[dataTask resume];
dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);

Request Body

KeyDescription
scopeThe authentication scope. Provide the value as OFFLINE_ACCESS.
refreshTokenThe refresh token is received during password-based authentication.
grantTypeThe grant type. Provide value as REFRESH_TOKEN.

Response 200 (application/json)

The response will contain a "Bearer" token that must be passed on subsequent requests. The token is valid for 3600 seconds by default.

{
    "tokenType": "Bearer",
    "expiresIn": "3600",
    "accessToken": "eyJraWQiOiJJQVE3czZMeFNmdW03SWFhYjNocEtiM0R5dGJta2Jic2dwUzVGRElnR2I4IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULlBNdExTU2FGU0wyYXVpRURtZ09ybjBmdlNrQ2VqUnBaUHpCTUxoLTFLUW8ub2FyeTFyazI5R3dFbmtNWDEwaDYiLCJpc3MiOiJodHRwczovL2Rldi05MTA3NDEub2t0YXByZXZpZXcuY29tL29hdXRoMi9hdXNianF0YmVpRURlcjZRVDBoNyIsImF1ZCI6Imh0dHBzOi8vYXBpLnN0b3JtcGF0aC5jb20vdjEvYXBwbGljYXRpb25zLzVzdW10Z2h3cDZWTDZxR1NtQ3dUMmMiLCJpYXQiOjE2MTUzNjk0NDYsImV4cCI6MTYxNTM3MzA0NiwiY2lkIjoiMG9hYmpwNW4wYVFQVzNBR0UwaDciLCJ1aWQiOiIwMHVmcGE0ZG9tRDB3SnpodzBoNyIsInNjcCI6WyJvZmZsaW5lX2FjY2VzcyJdLCJzdWIiOiJzYWdhcnpvbmRAZ21haWwuY29tIn0.e36xCFLL5lAyXb61m6VMie5oXQ5kPRUdysTEoi3GSlc-YsBk9dOqMdywf2-hxeMgXXQD1ky_2qHh4QnQtv35f8YP5BdvMgTmDwQh2xYoTBhcxPG36Da3SVYuHI5ZrscLaxtm52SWjSSx-tX0b-T1cNzQ1mcv9KcjFW0uIW9RPM6k91zMP06whlYn4DZFfOtUb5f4FYT67hEIFVHDSgg7xta4PyTab00s1a4ZqZrD1hPZ1Lr_Btt4LrFScr6Y7VLjeOiHCrlhfiy2H9-ptMcRRWI-EBgwr9NY6JjwusI5KIblAsz1TMGt1BjDoi4rtoz2jRfalv8f1LtjNOSqzt5KPQ",
    "scope": "offline_access",
    "refreshToken": "wZNBvgaPrP_SzjWvZd90Wpc5KmuC3xs18232322323"
}

The token is passed as an Authorization header value.

HeaderValueDescription
AuthorizationExample:

Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0MzU3N...FWFxGl3odgJ25T0O7kwq-hca2QDtSIWKUFHTpBNU97c
Concatenate value of "Bearer" and access_token returned from /rest/v3/oauth/token method.

SSL

SSL is used to encrypt all requests to & from LRS Connect API.