API Documentation
Web API
Development
Workshops and Employees Transversal Requisitions Parts and Inventory Assets Requests Work
Integrations
Plugin v10 Valuekeep Integrator General
Valuekeep API DocumentationWeb API
API DocumentationWeb API
Web API
Back | List of Articles

How does the OAUTH 2.0 authorization work?

Last changed in 26/12/2024

OAuth 2.0 is a standard authorization protocol that allows applications to access a user's account in a web service (HTTP) such as the Valuekeep CMMS Web API.

The protocol delegates user authentication to the service that holds the user's account and authorizes external applications to access that user's account. The protocol makes authorization flows available for Web, desktop and mobile apps.

We now describe the basic operation of the protocol from the perspective of an application developer.

OAuth Roles

The protocol defines 4 roles:

  1. Resource owner: this is the user who authorizes the application's access to his account. Such access is limited to the scope of the authorization given by the user.
  2. Client: is the application that wants to access the user account.
  3. Resource server: is the server that hosts the user's accounts.
  4. Authorization server: is the server that verifies the identity of the user and assigns authorization tokens to the client (the application).

From the point of view of an application developer, the Web API you want to consume acts both as resource server and the authorization server. It is, therefore, common for the two roles to be combined in what is called a Service or simply an API.

Generic authorization flow

The normal authorization flow from an external application will follow these steps:

  1. The application requests permission to access user resources.
  2. If the user has already authorized such a request, the application receives an authorization grant.
  3. The application asks the authorization server for an access token, showing the user's identity and the authorization grant.
  4. If the application's identity is authenticated and the authorization grant is valid, the authorization server assigns an access token to the application and the authorization flow ends.
  5. The application requests a certain resource from the resource server and displays the access token it obtained before.
  6. If the access token is valid, the resource server will return the requested resource to the application.
  7. This is OAuth's normal conceptual flow, but the actual authentication flow depends on the type of authorization grant that is used. We will now discuss the different authorization grants available.

Authorization Grant: Client credentials grant

The type of grant used depends on the authorization method the app wishes to use and, of course, of the methods supported by the Web API. To work with the Valuekeep CMMS Web API, you must use the Client Credentials authorization method.

Refresh Token

When an access token expires, its use to perform requests to the API will result in the error “Invalid Token Error”. In that moment, if a refresh token has been included when the access token is generated, you can use it for a new server access token.

Example of a request of that type:

Bookmark or share this article
Esta página foi útil?
Obrigado pelo seu voto.

login para deixar a sua opinião.

Obrigado pelo seu feedback. Iremos analisá-lo para continuarmos a melhorar!
Related Articles
Web API Authentication How to get the WebAPI record? Web API Authentication How does the OAUTH 2.0 authorization work? How to get the WebAPI record?